FortiGate
rmreddy
Staff
Article Id 422837
Description This article describes an issue with IPsec VPN over TCP with Azure SAML on FortiGate v7.4, where the VPN connection fails to establish and times out during the connection phase, and provides a solution.
Scope FortiGate, FortiClient.
Solution

The user's connection times out while connecting to a VPN with a custom TCP port. Debug logs show output similar to the following:

 

ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=2 ph1=(nil)) (2).
ike V=root:deletes tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=2 ph1=(nil)) (2).
ike V=root:destorys tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=0 ph1=(nil)) (1).

 

  • This is due to an issue with FortiClient v7.4.1, 7.4.2, and 7.4.3. The issue is resolved in FortiClient v7.4.4.
  • If the free FortiClient version is being used, contact technical support for further assistance.

To troubleshoot tunnel connectivity, see Troubleshooting Tip: Troubleshooting IPsec Site-to-Site Tunnel Connectivity.
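
To find this signature in a saved IKE debug capture, the following added example (not Fortinet code) flags TCP transports that are accepted and then destroyed while ph1 stays (nil). It assumes the line format shown above and that the address before "->" is the local side; the sock=35 line and the alternate spelling "destroys" are constructed for illustration.

```python
import re

# Constructed sample: the three debug lines from the article, plus one made-up
# transport (sock=35, documentation address 192.0.2.10) that is only accepted.
SAMPLE = """\
ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=2 ph1=(nil)) (2).
ike V=root:deletes tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=2 ph1=(nil)) (2).
ike V=root:destorys tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->x.x.x.x:62870 sock=34 refcnt=0 ph1=(nil)) (1).
ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:4, 192.168.1.2:11257->192.0.2.10:50000 sock=35 refcnt=2 ph1=(nil)) (2).
"""

# "destorys" is the spelling in the debug output; "destroys" is accepted too
# as an assumption, in case a build corrects it.
LINE_RE = re.compile(
    r"ike V=(?P<vdom>[^:]+):(?P<event>accepts|deletes|destorys|destroys) (?:ike )?"
    r"tcp-transport\(.*?(?P<local>[^\s,]+)->(?P<peer>\S+) sock=(?P<sock>\d+) "
    r"refcnt=\d+ ph1=(?P<ph1>\(nil\)|[^)\s]+)\)"
)

def find_aborted_transports(text):
    """Return transports that were accepted and destroyed with ph1 always (nil).

    Assumption: ph1=(nil) means no phase 1 was ever attached to the transport.
    """
    open_sessions = {}  # (vdom, sock, local, peer) -> True once ph1 is non-nil
    aborted = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["vdom"], int(m["sock"]), m["local"], m["peer"])
        has_ph1 = m["ph1"] != "(nil)"
        if m["event"] == "accepts":
            open_sessions[key] = has_ph1
        elif key in open_sessions:
            open_sessions[key] = open_sessions[key] or has_ph1
            if m["event"] in ("destorys", "destroys") and not open_sessions.pop(key):
                aborted.append({"vdom": key[0], "sock": key[1],
                                "local": key[2], "peer": key[3]})
    return aborted

if __name__ == "__main__":
    for t in find_aborted_transports(SAMPLE):
        print("no phase 1 before teardown: {local}->{peer} sock={sock}".format(**t))
```

A hit for a client running FortiClient v7.4.1 through v7.4.3 matches the issue described in this article; the accepted-only transport in the sample is not reported because it was never torn down.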

Related documents:

Encapsulate ESP packets within TCP headers

FortiOS 7.6.0 SSL VPN to IPsec VPN Migration
