FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
tnaik
Staff
Staff
Article Id 190882

Description


This article discusses the Quarantine IP address lost after reboot.

 

Scope

 

FortiGate

Solution


While connecting SSL FortiClient VPN the following error 'The vpn server may be unreachable (-14)' appears.

When a user is added in 'user definition' via LDAP and when the same user is added in 'user group' with the remote server option selected, SSL FortiClient VPN is not able to connect.
In the above case, when a user is trying to authenticate, it will explicitly reach the LDAP server using a remote server and checking email authentication on the server instead of FortiGate and failed to connect.


But 2FA email is configured on FortiGate, not at LDAP.

Check the setting below.

 
Below is the error message:
 
 
 
 
Once the remote server has been removed, the user is able to log FortiClient VPN successfully.
 
 
 
 
Considering it is expected behavior for 2FA email authentication, configure user only under member and keep remote server under remote group option without selecting any server.

 

Contributors