Article Id 190478


This article describes how to resolve the 'failed to establish the VPN connection' error (error 5029).


The error mentioned below can appear while connecting with FortiClient.

This error happens because of a TLS version mismatch between the client and the FortiGate.
Go to Internet Explorer -> Settings -> Internet options -> Advanced, scroll down and check the TLS version.

In the image above, only TLS 1.2 is selected on the client end, while the FortiGate, as configured, does not support TLS 1.2 (see the output below).
Verify the TLS settings configured on the FortiGate end as well as the TLS settings on the client end.
(settings) # sh ful
# config vpn ssl settings

    set reqclientcert disable
    set ssl-max-proto-ver tls1-1
    set ssl-min-proto-ver tls1-0
Either select TLS 1.1 and TLS 1.0 on the client machine, or change the TLS version to 1.2 on the FortiGate.
In this case, change the settings on the client machine.
As soon as the settings are changed, FortiClient can connect.



Server Certificate 


If all the steps here have been followed and the same error still appears when connecting, make sure the server certificate is set and not empty. This can be verified under SSL-VPN Settings -> Server Certificate. Change it accordingly.




After the certificate has been set, it will be possible to connect to SSL-VPN.
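Both checks in this article (the TLS version overlap and the empty Server Certificate) can be run against a saved copy of the `config vpn ssl settings` output. The script below is an added example, not Fortinet code. The function names, the sample text and the `servercert` line in it are assumptions made for illustration.

```python
import re

# TLS values as FortiOS spells them, oldest first; list position gives the ordering.
TLS_ORDER = ["tls1-0", "tls1-1", "tls1-2", "tls1-3"]

# Constructed sample: the three lines shown in the article plus an assumed
# empty `servercert` line (the CLI counterpart of the Server Certificate field).
SAMPLE = """\
config vpn ssl settings
    set reqclientcert disable
    set ssl-max-proto-ver tls1-1
    set ssl-min-proto-ver tls1-0
    set servercert ''
end
"""

def parse_ssl_settings(text):
    """Collect `set <key> <value>` lines into a dict, dropping surrounding quotes."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("\"'")
    return settings

def server_versions(settings):
    """TLS versions the gateway accepts, from its min/max protocol settings."""
    try:
        lo = TLS_ORDER.index(settings["ssl-min-proto-ver"])
        hi = TLS_ORDER.index(settings["ssl-max-proto-ver"])
    except (KeyError, ValueError):
        raise ValueError("min/max protocol version missing or unrecognised")
    return TLS_ORDER[lo:hi + 1]  # empty when min is above max

def diagnose(text, client_enabled):
    """Return (shared TLS versions, findings) for a gateway config and client set."""
    settings = parse_ssl_settings(text)
    shared = [v for v in server_versions(settings) if v in client_enabled]
    findings = []
    if not shared:
        findings.append("tls-mismatch")      # no version both ends will negotiate
    if not settings.get("servercert"):
        findings.append("servercert-empty")  # Server Certificate is unset
    return shared, findings

if __name__ == "__main__":
    # Client from the article: only TLS 1.2 ticked in Internet Options.
    print(diagnose(SAMPLE, {"tls1-2"}))
```

An empty list of shared versions corresponds to the mismatch described above: the client offers only TLS 1.2 while the gateway range stops at TLS 1.1.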