FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
edgar1
Staff
Staff
Description
This article addresses the error message "Cannot connect to VPN. The VPN server could be unavailable." which may be seen when Windows 7 or Windows XP tries to connect to SSL VPN when using v5.4.

Scope
FortiGate All Models
FortiOS as of v5.4

Solution
In addition to enabling SSLv3 and/or TLSv1.0, it may also be needed to allow any cipher strength (high and medium):

conf vpn ssl setting
  set sslv3 enable     // might be needed
  set tlsv1-0 enable   // might be needed
  conf authentication-rule
  edit <rule_id>
    set cipher any
  next
  end
end


Cipher strength:

set cipher ?
any       Any cipher strength.
high      High cipher strength (>= 168 bits).
medium    Medium cipher strength (>= 128 bits).


This may have to be done on every authentication rule that allows Windows 7 and XP access through VPN SSL.


Contributors