Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
edgar1
Staff
Staff

Created on ‎11-04-2016 12:03 PM

Cannot connect to SSL VPN, FortiGate 5.4 (Windows 7 and XP) Part2

Description
This article addresses the error message "Cannot connect to VPN. The VPN server could be unavailable." which may be seen when Windows 7 or Windows XP tries to connect to SSL VPN when using v5.4.

Scope
FortiGate All Models
FortiOS as of v5.4

Solution
In addition to enabling SSLv3 and/or TLSv1.0, it may also be needed to allow any cipher strength (high and medium):

conf vpn ssl setting
  set sslv3 enable     // might be needed
  set tlsv1-0 enable   // might be needed
  conf authentication-rule
  edit <rule_id>
    set cipher any
  next
  end
end


Cipher strength:

set cipher ?
any       Any cipher strength.
high      High cipher strength (>= 168 bits).
medium    Medium cipher strength (>= 128 bits).


This may have to be done on every authentication rule that allows Windows 7 and XP access through VPN SSL.


Labels:
1099
0 Kudos
Contributors

Contact Us