FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
article addresses the error message "Cannot connect to VPN. The VPN
server could be unavailable." which may be seen when Windows 7 or
Windows XP tries to connect to SSL VPN when using v5.4.
Scope FortiGate All Models
FortiOS as of v5.4
Solution In addition to enabling SSLv3 and/or TLSv1.0, it may also be needed to allow any cipher strength (high and medium):
conf vpn ssl setting
set sslv3 enable // might be needed
set tlsv1-0 enable // might be needed conf authentication-rule edit <rule_id> set cipher any next end end
set cipher ?
any Any cipher strength.
high High cipher strength (>= 168 bits).
medium Medium cipher strength (>= 128 bits).
This may have to be done on every authentication rule that allows Windows 7 and XP access through VPN SSL.