Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nageentaj
Staff
Staff

Created on ‎12-06-2022 07:06 AM Edited on ‎04-14-2025 10:44 PM By Moderator

Article Id 232398

Troubleshooting Tip: Create logs to troubleshoot being unable to connect to SSL VPN

Description This article describes the logs necessary to collect when troubleshooting an issue where the user is unable to connect to the SSL VPN.
Scope FortiOS.
Solution

Execute the following commands in the FortiGate, connect to SSL VPN, and observe the logs.

 

diagnose vpn ssl debug-filter src-addr4 <X.X.X.X> Client's IP

diagnose debug application sslvpn -1

diagnose debug application fnbamd -1

diagnose debug console timestamp enable
diagnose debug enable

 

Executing these commands will provide logs necessary to help the support team reproduce the issue by observing the logs for errors.

 

To disable

 

diagnose debug disable

diagnose debug reset

 

Note:

x.x.x.x should be the public IP of the connecting user. The filter will ensure that the debug information relevant only to traffic from the specified IP address is captured, helping to focus on specific client troubleshooting.

 

SSL VPN event logs can also be checked to get more details

 

Related articles:

Troubleshooting Tip: New CLI filtering commands to debug SSL VPN available in v5.4 

Troubleshooting Tip: SSL VPN Troubleshooting 
478
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.