FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Cookie acceptance must be enabled for SSL VPN to function in Web portal or with the FortiClient SSL client.

Access to Web portal or tunnel will fail if Internet Explorer with privacy (Internet Option) is set to High, in which case it will:
  • Block cookies that do not have a compact privacy policy.
  • Block cookies that use personally identifiable information without your explicit consent.
or if Firefox privacy has these parameters not enabled : "accept cookies from sites" and "accept third party cookies"

The symptoms will be:
  1. When trying to connect using FortiClient SSL VPN (standalone) the following error message "Unable to logon to the server. Your user name or password may not be configured properly for this connection. (-12)" is returned.
  2. When trying to login to the Web portal, login and password are entered and login page will be sent back.

SSL VPN, Web Portal, FortiClient SSL.

Enable cookie acceptance on the Web Browser to allow SSL VPN.
Workaround:  Make the Web Portal page a Trusted site in the Internet Option - Security.