Article Id 242594


This article describes an issue that can occur when an Android device connects to the SSL VPN with two-factor authentication: the connection attempt fails before the two-factor code is obtained.




FortiGate SSL VPN with Android clients.




In the FortiClient logs, the following error message appears: SSLCONNFAILED.


The SSL VPN debug on the FortiGate shows logs similar to the following example:


2022-11-10 15:45:05 [284:root:452c]SSL state:fatal internal error (x.x.x.x)
2022-11-10 15:45:05 [284:root:452c]SSL state:error:(null)(x.x.x.x)
2022-11-10 15:45:05 [284:root:452c]SSL_accept failed, 1:EVP lib
2022-11-10 15:45:05 [284:root:452c]Destroy sconn 0x7f77f21f00, connSize=12. (root)
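
To find this signature in a longer SSL VPN debug capture, the following added example (not part of the original article and not Fortinet code) groups debug lines by their bracketed prefix and reports connections that show both the fatal internal error and the `SSL_accept failed, 1:EVP lib` line. Reading the prefix as `[pid:vdom:connection]`, the function name, and the fifth sample line are assumptions made for illustration.

```python
import re

# Line shape taken from the sample above:
# "<date> <time> [<pid>:<vdom>:<conn>]<message>" (field names are assumed)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<pid>\d+):(?P<vdom>[^:\]]+):(?P<conn>[0-9a-fA-F]+)\](?P<msg>.*)$"
)
FATAL = "SSL state:fatal internal error"
EVP = "SSL_accept failed, 1:EVP lib"

# The four lines from the article plus one constructed line for an
# unrelated connection (452d) that must not be reported.
SAMPLE = """\
2022-11-10 15:45:05 [284:root:452c]SSL state:fatal internal error (x.x.x.x)
2022-11-10 15:45:05 [284:root:452c]SSL state:error:(null)(x.x.x.x)
2022-11-10 15:45:05 [284:root:452c]SSL_accept failed, 1:EVP lib
2022-11-10 15:45:05 [284:root:452c]Destroy sconn 0x7f77f21f00, connSize=12. (root)
2022-11-10 15:45:09 [284:root:452d]Destroy sconn 0x7f77f21f00, connSize=11. (root)
"""


def find_evp_handshake_failures(text):
    """Return connections whose debug lines contain both failure markers."""
    seen = {}  # (pid, vdom, conn) -> state, kept in first-seen order
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # not a debug line in the expected shape
        key = (m["pid"], m["vdom"], m["conn"])
        st = seen.setdefault(
            key, {"first_seen": m["ts"], "fatal": False, "evp": False}
        )
        st["fatal"] |= m["msg"].startswith(FATAL)
        st["evp"] |= m["msg"].startswith(EVP)
    return [
        {"pid": k[0], "vdom": k[1], "conn": k[2], "first_seen": st["first_seen"]}
        for k, st in seen.items()
        if st["fatal"] and st["evp"]
    ]


if __name__ == "__main__":
    for hit in find_evp_handshake_failures(SAMPLE):
        print(hit)
```
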


As a workaround, it is possible to disable the two-factor authentication.
Alternatively, disabling the SSL VPN acceleration should solve the issue.


# config system global
    set sslvpn-kxp-hardware-acceleration disable
    set sslvpn-cipher-hardware-acceleration disable
end


Hardware acceleration for SSL VPN is removed from FOS 7.2 onwards, so this issue is not expected to occur on version 7.2 and later.

