FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bvagadia
Staff
Staff
Article Id 205111
Description

This article describes when users are using a web-based VPN and can connect to the VPN, but through FortiClient, they are facing issues.

Scope FortiGate.
Solution
  1. Take the debug for the VPN user with the following command:

 

diagnose debug application sslvpn -1

diagnose debug flow filter addr x.x.x.x <----- User public IP.

diagnose debug enable

 

  1. If the compatibility is not there, the following error in the debug will appear:

 

[2535:root:35b]client sent request without hostname (see RFC2616 section 14.23): /.

[2535:root:35b]sslConnGotoNextState:297 error (last state: 1, closeOp: 0)

[2535:root:35b]Destroy sconn 0x311ab100, connSize=1. (root)

 

Between FortiGate and FortiClient, compatibility has to be there, if it is not, a logout post will appear while connecting to the VPN.

 

It is possible to check the compatibility by using the link below:

FortiClient EMS Compatibility Chart

 

Use the proper client version and check the connection. If the issue is still there, create a ticket through the Fortinet Support Portal.