FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nageentaj
Staff
Staff
Article Id 232398
Description This article describes the logs necessary to collect when troubleshooting an issue where the user is unable to connect to the SSL VPN.
Scope FortiOS.
Solution

Execute the following commands in the FortiGate, connect to SSL VPN, and observe the logs.

 

diagnose vpn ssl debug-filter src-addr4 <X.X.X.X> Client's IP

diagnose debug application sslvpn -1

diagnose debug application fnbamd -1

diagnose debug console timestamp enable
diagnose debug enable

 

Executing these commands will provide logs necessary to help the support team reproduce the issue by observing the logs for errors.

 

To disable

 

diagnose debug disable

diagnose debug reset

 

Note:

x.x.x.x should be the public IP of the connecting user. The filter will ensure that the debug information relevant only to traffic from the specified IP address is captured, helping to focus on specific client troubleshooting.

 

SSL VPN event logs can also be checked to get more details

 

Related articles:

Troubleshooting Tip: New CLI filtering commands to debug SSL VPN available in v5.4 

Troubleshooting Tip: SSL VPN Troubleshooting