Description
This article describes an issue where the SSL VPN client gets stuck at 10% while processing/loading and then fails immediately.
Scope
FortiGate v6.x.x and v7.x.x.
Solution
There are 2 scenarios:
In order to check:
To avoid this issue: if the VIP is also required by the organization, specify a port number on it, and make sure that port is different from the SSL VPN port. Otherwise, remove the VIP entry or use the secondary WAN IP, if there is one.
Use the debug below to see incoming SSL VPN connections:
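One way to check a configuration backup for this VIP overlap offline, as an added example (not Fortinet code). The function names and the sample configuration are constructed for illustration; it assumes the VIP `extip` is a single address rather than a range, and that the caller supplies the firmware's default SSL VPN port for the case where `set port` is absent from the `show` output.

```python
SAMPLE = """config vpn ssl settings
    set port 10443
    set source-interface "wan1"
end
config firewall vip
    edit "all-ports"
        set extip 203.0.113.10
        set extintf "wan1"
    next
    edit "web-8443"
        set extip 203.0.113.10
        set extintf "wan1"
        set portforward enable
        set extport 8443
    next
end"""  # constructed sample of `show vpn ssl settings` and `show firewall vip`

def parse_blocks(text, section):
    """Map edit name -> {key: value} for 'config <section>' ('' = top-level sets)."""
    out, cur, depth = {}, None, 0           # depth 0 = outside the section
    for line in map(str.strip, text.splitlines()):
        if line == f"config {section}" and depth == 0:
            depth, cur = 1, out.setdefault("", {})
        elif depth and line.startswith("config "):
            depth += 1                      # nested table, skipped
        elif depth and line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            cur = out.setdefault(line[5:].strip('"'), {})
        elif depth == 1 and line.startswith("set "):
            key, _, val = line[4:].partition(" ")
            cur[key] = val.strip('"')
    return out

def vip_conflicts(text, listen_ip, default_port):
    """List (vip, reason) for VIPs that would capture SSL VPN traffic to listen_ip."""
    ssl = parse_blocks(text, "vpn ssl settings").get("", {})
    port = int(ssl.get("port", default_port))   # assumption: caller knows the default
    ifaces = set(ssl.get("source-interface", "").replace('"', "").split()) | {"any"}
    hits = []
    for name, vip in parse_blocks(text, "firewall vip").items():
        same = name and vip.get("extip") == listen_ip and vip.get("extintf", "any") in ifaces
        if same and vip.get("portforward") != "enable":
            hits.append((name, "no port forwarding, every port is mapped"))
        elif same and vip.get("protocol", "tcp") == "tcp":
            lo, _, hi = vip.get("extport", "0").partition("-")
            if int(lo) <= port <= int(hi or lo):
                hits.append((name, f"extport {vip['extport']} covers port {port}"))
    return hits
```

Calling `vip_conflicts(SAMPLE, "203.0.113.10", default_port=443)` flags only the `all-ports` VIP; the port-forwarded VIP on 8443 does not overlap the SSL VPN port 10443.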
diag debug application sslvpn -1
To stop the debug:
diag debug disable
If there are any SSL VPN connections, run the debug flow below for more information about incoming SSL VPN traffic:
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset
diagnose debug flow filter addr <client’s public address>
diag deb flow filter port <SSLVPN port>
diagnose debug flow show function-name enable
diagnose debug flow show iprope enable
diagnose debug console timestamp enable
diagnose debug flow trace start 99
diagnose debug enable
The output shows where the traffic is dropped and the reason.
Related document: Using the debug flow tool | FortiGate / FortiOS 7.4.1 | Fortinet Document Library