FortiClient SSL VPN Disconnecting continously

Hello Abel,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Hi there,

Can you link this issue to any change in your environment?
Have you tested other devices/FortiClient versions?
Is it possible for an effected user to use for a while web ssl portal instead of FCT tunnel mode?
That should help to identify if the issue is on firewall or client side.

https://docs.fortinet.com/document/fortigate/6.4.13/administration-guide/100733/ssl-vpn-web-mode

Did sslvpnd crash when the user reported the issue, are there other services crashing?
diag debug crashlog read

How's cpu/mem usage looking?
dia sys top

Check cpu/mem graphs, any spikes when the issue is reported?

Please follow the steps in this doc.

https://docs.fortinet.com/document/fortigate/6.4.13/administration-guide/993282/troubleshooting-common-issues

If no joy with these steps and web ssl portal cannot be used, or it has the same issues as FortiClient I can only think of running this debug on the firewall for longer and hope to capture the issue.
Identify a user, get the public IP address and filter for it in the debug.
Record the output to a file.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-log-file-of-a-session-using-PuTTY/ta-p/194148

Check what is the impact on the CPU/mem before leaving it on for a long time.
diagnose sniffer packet wan1 "host 1.1.1.1 and icmp" - this should keep putty/ssh sessions alive, that's the only reason is there.
If you manage to capture the issue, submit the debug to Technical Support along with a firewall config backup and tac report.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Download-Debug-Logs-and-execute-tac-report/ta-p/189549

diagnose debug reset
di de duration 0
diagnose debug cons time en
diagnose debug application sslvpn -1
diagnose debug application fnbamd -1
dia vpn ssl debug-filter src-addr4 <CLIENTPUBLICIP>
diagnose debug enable
diagnose sniffer packet wan1 "host 1.1.1.1 and icmp"

to disable, "di de di"

I hope this helps.

Hi,
Beside all the debugs presented above.
Also do a quick check of the idle timeout value under "config vpn ssl settings"
Default value is 300 sec:
https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/364620/config-vpn-ssl-settings
BR

In addition to existing information, I have some follow-up questions;

- Enable DTLS on all user's FortiClients. [Recommendation]

- Have you verified if the issue is happening to just WiFi users but Ethernet-connected users?

- Have you also checked if the users having this problem are connected via the same ISP?

- Have you considered upgrading the FortiGate to the latest available patch in that branch?

I've been experiencing an problem with my FortiGate firewall (running v6.4.3) and FortiClient VPN (v6.4.0). The issue is that my VPN connection keeps dropping intermittently, despite having a stable internet connection on my devices. It's quite frustrating as it disrupts my work and remote access. I've checked my network stability, reviewed firewall settings, and ensured my VPN configuration is accurate.

What is the OS of FortiClient machine? Is it Window 11? Have you tried with Wifi and Ethernet?

hello was this solved? can you please share your resolution. we have also the same scenario.

Hello Gauravb,

thanks for the info. so your ISP had solved the issue?

Great Nice to hear that you resolved the issue.