Jonathan_Body_FTNT
Article Id 195956

Description

 

This article describes how to troubleshoot PPTP VPN users experiencing disconnections on the FortiGate.


Scope

 

All supported versions of FortiOS.


Solution

 
The following steps help determine why a PPTP VPN user is being disconnected from the FortiGate and which FortiOS debug to enable, depending on the type of PPTP VPN user (local, LDAP, or RADIUS authentication).

  1. A PPTP VPN user connects to the FortiGate with local authentication. If the user is disconnected and cannot connect, connect the PC and enable the following FortiGate debug via the CLI.

diag deb enable
diag deb reset
diag deb console timestamp en
diag deb app ppp -1
diag deb app pptp -1
diag deb app authd -1
diag deb app fn -1
diag deb en
diag vpn pptp status

 

  2. Collect a sniffer trace on the port of the PPTP connection, filtered on the local IP address of the PC.

diag sniffer packet <interface of PPTP connection> 'host <local IP address of PC>' 6

  3. If the PPTP VPN user authenticates with LDAP, run the following test in addition to the debug in step 1. The first line shows the syntax and the second line is an example.

diag test auth ldap <LDAP server name in GUI> <username to test> <user password>
diag test auth ldap LDAP_Server user password
 
  4. If the PPTP VPN user uses RADIUS, collect the following debug output as well.

 

diag test authserver radius <server_name> <chap | pap | mschap | mschap2> <username> <password>

  5. If the debug for an authenticated user needs to be collected again, use the following commands to clear the session.
 
diag deb reset
diag deb console time en
diag deb app fnbamd -1
diag deb enable
 
  6. Compare the debug with the PPTP disconnect message on the PC. A full list of PPTP disconnect messages may be found in this Microsoft support article.


Should the problem persist, open a support ticket via the Fortinet Support Portal at https://support.fortinet.com/. Attach the debug information collected in steps 1-5 to the ticket.
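
The sniffer trace from step 2 also contains the PPTP control connection (TCP port 1723), whose teardown messages state why a call ended. The following is an added example, not part of the original article or any Fortinet tool: it decodes those messages using the layouts in RFC 2637. It assumes the TCP/1723 payload of one direction has already been extracted from the trace as raw bytes; the function names and sample bytes are constructed for illustration.

```python
import struct

MAGIC = 0x1A2B3C4D  # magic cookie carried in every PPTP control message (RFC 2637)
CTRL_TYPES = {1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
              3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
              5: "Echo-Request", 6: "Echo-Reply", 12: "Call-Clear-Request",
              13: "Call-Disconnect-Notify"}
STOP_REASONS = {1: "None", 2: "Stop-Protocol", 3: "Stop-Local-Shutdown"}
DISC_RESULTS = {1: "Lost Carrier", 2: "General Error", 3: "Admin Shutdown", 4: "Request"}
TEARDOWN = {3, 12, 13}  # message types that end a call or the control connection

def parse_pptp_control(stream: bytes):
    """Split a reassembled TCP/1723 payload into decoded PPTP control messages."""
    msgs, off = [], 0
    while off + 12 <= len(stream):
        length, _ptype, magic, ctrl, _rsv = struct.unpack_from("!HHIHH", stream, off)
        if magic != MAGIC or length < 12:
            raise ValueError(f"not a PPTP control message at offset {off}")
        if off + length > len(stream):
            break  # capture ends mid-message: keep what was complete
        body = stream[off + 12:off + length]
        msg = {"code": ctrl, "type": CTRL_TYPES.get(ctrl, f"type-{ctrl}")}
        if ctrl == 3 and len(body) >= 1:      # Stop-Control-Connection-Request
            msg["reason"] = STOP_REASONS.get(body[0], str(body[0]))
        elif ctrl == 12 and len(body) >= 2:   # Call-Clear-Request
            msg["call_id"] = struct.unpack_from("!H", body)[0]
        elif ctrl == 13 and len(body) >= 6:   # Call-Disconnect-Notify
            call_id, result, error, cause = struct.unpack_from("!HBBH", body)
            msg.update(call_id=call_id, error=error, cause=cause,
                       result=DISC_RESULTS.get(result, str(result)))
        msgs.append(msg)
        off += length
    return msgs

def teardown_events(stream: bytes):
    """Return only the messages that tear down a call or the control connection."""
    return [m for m in parse_pptp_control(stream) if m["code"] in TEARDOWN]

def build_msg(ctrl: int, body: bytes) -> bytes:
    """Helper used only to construct the sample input below."""
    return struct.pack("!HHIHH", 12 + len(body), 1, MAGIC, ctrl, 0) + body

# Constructed sample (not from a real capture): keepalive, then an orderly teardown.
SAMPLE = (build_msg(5, struct.pack("!I", 7))
          + build_msg(12, struct.pack("!HH", 0x42, 0))
          + build_msg(13, struct.pack("!HBBHH", 0x42, 4, 0, 0, 0) + bytes(128))
          + build_msg(3, struct.pack("!BBH", 3, 0, 0)))
```

A Call-Disconnect-Notify result of `Request` means the call ended in response to a Call-Clear-Request; match the decoded messages against the timestamps in the FortiGate debug output to see which event came first.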