FortiClient VPN sends Token code but no Token field displayed until sometime later......

Forum|Forum|4 years ago
July 22, 2021
2 replies
9986 views

Hi,

Hope someone can help. I am using FortiClient VPN have tried versions 6 to 7. I enter my login details and receive a token code, but no Token field is displayed immediately to enter the Token Code, after some time the Token field is displayed but when I enter the token code I see an error message 'Permission Denied. (-455).

Does anyone know why the Token filed is not being displayed immediately ?

Thanks

Kush_Patel

Staff

For -455 code, it might be a problem with bad account or bad password.

you can even try to increase the timeout for two factor settings on FGT:

# config system global

set two-factor-email-expiry <in s>

set remoteauthtimeout <1-300s>

At what percenatge you are getting the error ?

srajeswaran

Staff

Can you confirm where is the authentication configured? Is it on a Fortiauthenticator/radius server?
The OTP field is displayed after the initial user authentication is completed, what might be happening is the authentication is getting delayed due to network issue/latency or CPU/memory issue on the authentication device .

Since OTP is entered late, the authenticator device session is timedout before OTP is received and results in permission denied error.

For now you can try increasing the OTP expiry timers as suggested in following article

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-and-two-factor-expiry-timers/ta-p/191661

Then check if there are any network issues/delays or CPU/Memory issues on authenticator device.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded