Created on 11-13-2023 11:28 PM Edited on 11-14-2023 06:10 AM By Jean-Philippe_P
Description
This article describes an issue where the FortiClient iOS (VPN ONLY) client fails to connect to SSL VPN with Azure SAML SSO and MFA after being updated to version 7.2.2.0116, which was rolled out on 22nd September 2023.
To identify the root cause, enable the SSL VPN debug on the FortiGate (one command per line):
diag vpn ssl debug-filter src-addr4 <Client's public IP>
diag deb app sslvpn -1
diag deb en
For this issue specifically, the client attempts to connect to the SSL VPN with DTLS, but a DTLS timeout is observed in the debug log and the connection is therefore removed:
<Sample debug log>
[303:root:65f]DTLS established: DTLSv1 ECDHE-RSA-AES256-GCM-SHA384 from <Public IP>
Scope
FortiClient (VPN ONLY) v7.2.2.0116.
Solution
There are 2 workarounds for this issue:
Note: The full version of FortiClient has a 30-day trial period if there is no valid FortiClient EMS license.
config vpn ssl settings
The issue should be resolved in FortiClient VPN ONLY version 7.2.3. Until then, workaround option 2 is preferred, as option 1 is limited by the 30-day trial period.
Note that the FortiClient VPN-only version is not entitled to TAC support. Support for this version is provided in the following Forum post: cannot longer connect FortiClientVPN 7.2.2.0116 Azure SAML MFA.