Skip to main content
browningit
browningit
New Member
May 12, 2020
Question

Some Windows 10 machines can't connect when Restrict to Specific OS Versions enabled

  • May 12, 2020
  • 1 reply
  • 6678 views

Hey all, hopefully someone can shed some light on an issue for me before I roll out a feature to all my customers. I want to enable the Restrict to Specific OS Versions option, but as soon as I do, some machines even in my office can't connect to VPN after.  The short of it:

 

1) Enable the feature on the fortigate, apply it (note: haven't set ANY deny rules yet)

2) Test SSLVPN on laptop, works

3) Test SSLVPN on desktop, fails at 80%

4) Enable a few deny rules for the OS versions I don't want to connect, Laptop still works, desktop still broken

 

Troubleshooting steps, and longer details:

PC in my home, with forticlient, can connect to any of my FGT devices around the world without issue. Laptop in the same home, same credentials can connect to the same firewalls. Each machine is ON THE SAME PATCH LEVEL. If I enable the Restrict to Specific OS Versions enabled, without setting any deny rules, one of my machines (desktop) stops working and fails at 80% on VPN connection. Laptop is unchanged. For testing, on the trouble computer we have: 1) Rolled back updates 2) Applied this weeks outstanding update 3) run DISM 4) Run SFC 5) Patched the NIC driver 6) Rolled back to a previous OS BUILD 7) Via support on another ticket, removed the app, ran the cleanup tool, reinstalled, issue persisted. Issue remains the same. I'd like to tell you that reinstalling windows would fix this, but this OS install is from December, and has minimal items installed. I am testing with other machines in my office to recreate this elsewhere. If there is anything else I can do to point out issues / configurations that are broken, please advise.

 

Anyone experienced this or resolved it?  All machines in my example so far are the same W10 1909 version and patch level.

    1 reply

    RonnyS_DD
    RonnyS_DD
    New Member
    May 19, 2020

    Two weeks ago i've also tested this "Restrict to Specific OS Versions"-Feature with same strange errors.

    I denied some IOS and <W7-OS entries.

     

    Freshout of the box W10 1909 and my upgraded W10 2004 workstations cant connect to sslvpn, there where some users with W7 / W8 - laptops which also reported connectionproblems, they all stuck at 80%.

     

    I finally disabled it and all connection came up without errors.

    browningit
    browningitAuthor
    New Member
    May 19, 2020

    I have since resolved this after learning some new things through support.  These versions and answers are ROUGHLY the timeline, but enough to get you going on figuring out what happened with my scenario and yours, dear Internet.

     

    1) Enabling this feature requires you to use Forticlient VPN ("free app") version 6.1 and older, 

    2) Forticlient VPN ("free app") versions 6.2 and above dropped support, and create the error of failing at 80% with a -14

    3) Installing the full version of Forticlient (EMS?) of any version 6.0.5 and above will allow the firewall feature to function and users to connect

    4) This solution requires you to uninstall the Forticlient VPN ("free app") 6.2, reboot, install the full version of 6.0.5 and above, then it will connect if you are on a supported OS based on your selections.

     

    While I am guilty of not reading EVERY changelog, this should be better highlighted from the support team and the download/installer.

     

    Cheers, 

     

    *edit for spelling

    Terms & ConditionsAccessibility statement