dbugeja
New Member
October 27, 2022
Question

FortiClient VPN (New issue)

I have another issue with FortiClient VPN saying: credential or ssl vpn configuration is wrong (-7200). I reinstalled FortiClient VPN for someone and configured his VPN to his requirements. Afterwards I clicked SAML login, and that was when the issue appeared. I checked Internet Options and only enabled TLS 1.2. I tried adding the remote gateway as a trusted site and clearing the SSL state from Internet Options, and inside the VPN configuration I enabled Single Sign On (SSO) for VPN Tunnel. I also tried to enable VPN before logon and Do not Warn Invalid Server Certificate. None of them fixed the issue I currently have, and the connection name and remote gateway of the configured VPN are correct. So, what else can I do to fix the problem?

2 replies

mturic
Staff & Editor
October 27, 2022

Hi,

Running the following debugs on the FGT should give a better understanding of where exactly it is failing.

diag debug reset
diag debug console timestamp enable
diag debug app samld -1
diag debug app sslvpn -1
diag debug enable

Does the SAML IdP window appear at all after clicking on the SSO login in FortiClient?
Not sure if you've seen it, but you can check these articles to verify if your SAML setup is correct:
https://community.fortinet.com/t5/FortiClient/Technical-Tip-SAML-for-SSL-VPN-Tunnel-mode-FortiClient-with/ta-p/193357
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Create-SSL-VPN-with-Azure-SAML-SSO-Authentication/ta-p/200812

https://docs.fortinet.com/document/forticlient/6.4.0/new-features/402514/saml-support-for-ssl-vpn

dbugeja
Author
New Member
October 28, 2022

Regarding the SAML IdP window, every time I click SAML login a window pops up where I don't need to log in with my credentials for the connection to work. And how do I run these debugs you mentioned in FortiClient VPN?

mturic
Staff & Editor
November 7, 2022

These debugs need to be enabled on the FortiGate CLI; you can connect to it over SSH by following this article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-log-file-of-a-session-using-PuTTY/ta-p/194148

As for the pop-up, you would need to log in once in the IdP window with the necessary credentials, so that the FortiClient can authenticate you.