edgar1
Staff
Article Id 193058
Description
This article addresses the error message "Cannot connect to VPN. The VPN server could be unavailable.", which may appear when a Windows 7 or Windows XP client tries to connect to SSL VPN when using v5.4.

Scope
FortiGate All Models
FortiOS as of v5.4

Solution
In addition to enabling SSLv3 and/or TLSv1.0, it may also be necessary to allow any cipher strength (high and medium) in the authentication rule:

config vpn ssl settings
  # the next two settings might be needed
  set sslv3 enable
  set tlsv1-0 enable
  config authentication-rule
    edit <rule_id>
      set cipher any
    next
  end
end


Cipher strength:

set cipher ?
any       Any cipher strength.
high      High cipher strength (>= 168 bits).
medium    Medium cipher strength (>= 128 bits).


This may have to be done on every authentication rule that allows Windows 7 and Windows XP clients access through SSL VPN.
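
Because the setting is applied per authentication rule, it is useful to check afterwards which rules carry it. The following Python script is an added example, not part of the original article or of Fortinet's tooling; it assumes a configuration backup written with full keywords (config vpn ssl settings) and reports the legacy protocols that are enabled and the cipher setting of each authentication rule. The sample configuration, rule IDs and group names are constructed.

```python
LEGACY_PROTOCOLS = ("sslv3", "tlsv1-0")
# Constructed sample backup excerpt (rule IDs and group names are made up).
SAMPLE_CONFIG = """\
config vpn ssl settings
    set sslv3 enable
    set tlsv1-0 enable
    config authentication-rule
        edit 1
            set groups "legacy-win7"
            set cipher any
        next
        edit 2
            set cipher high
        next
        edit 3
            set groups "staff"
        next
    end
end
"""

def audit_ssl_vpn(config_text):
    """Return (enabled legacy protocols, {rule_id: cipher}) for the SSL VPN block."""
    stack, rule_id, protocols, ciphers = [], None, [], {}
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        keyword, args = words[0], words[1:]
        in_settings = stack[:1] == ["vpn ssl settings"]
        if keyword == "config":
            stack.append(" ".join(args))      # enter a nested block
        elif keyword == "end" and stack:
            stack.pop()                       # leave the current block
        elif in_settings and len(stack) == 1 and keyword == "set":
            if args[1:] == ["enable"] and args[0] in LEGACY_PROTOCOLS:
                protocols.append(args[0])
        elif in_settings and stack[1:] == ["authentication-rule"]:
            if keyword == "edit" and args:
                rule_id = args[0]
                ciphers[rule_id] = "(not set in backup)"  # no "set cipher" line seen
            elif keyword == "set" and rule_id and args[:1] == ["cipher"] and len(args) == 2:
                ciphers[rule_id] = args[1]
            elif keyword == "next":
                rule_id = None
    return protocols, ciphers

def rules_allowing_any(config_text):
    return [rid for rid, c in audit_ssl_vpn(config_text)[1].items() if c == "any"]
```

Calling rules_allowing_any() on a backup lists the rule IDs that have "set cipher any", which are the ones to revisit once the Windows 7 and XP clients are retired.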

