kumarh
Staff
Article Id 364402
Description: This article describes the role of TVC (Tunnel Virtual Connection) in SSL VPN debugging on FortiGate.
Scope: FortiGate v7.0.0 and later, up to v7.6.2.
Solution

In supported firmware versions, FortiGate can be configured as an SSL VPN client to connect to an SSL VPN server running on another FortiGate. See "FortiGate as SSL VPN Client".

The TVC process is responsible for establishing a client connection over SSL VPN. FortiOS TVC diagnostics are not relevant for troubleshooting SSL VPN connections between FortiClient and FortiOS.

When troubleshooting issues establishing or communicating over an SSL VPN tunnel between two FortiGate devices, the following diagnostics are useful:

Client FortiGate

diagnose debug application tvc -1 <----- Tunnel Virtual Connection process.
diagnose debug application sslvpn -1 <----- SSL-VPN process.
diagnose debug application fnbamd -1 <----- Authentication daemon.
diagnose debug enable

Server FortiGate

diagnose vpn ssl debug-filter src-addr4 <public IP Address of client FortiGate>
diagnose debug application sslvpn -1 <----- SSL-VPN process.
diagnose debug application fnbamd -1 <----- Authentication daemon.
diagnose debug enable

To stop the debug:

diagnose vpn ssl debug-filter clear
diagnose debug reset
diagnose debug disable

In v7.6.3 and later, SSL VPN tunnel mode is not available; see "SSL VPN tunnel mode replaced with IPsec VPN".

In these firmware versions, FortiGate cannot act as an SSL VPN server for FortiClient and FortiGate SSL VPN clients. A FortiGate on these firmware versions cannot be configured as an SSL VPN client.