dbhavsar
Staff
Article Id 354597
Description This article describes how to resolve a scenario where FortiClient displays the error 'Credentials or SSLVPN configuration is wrong. (-7200)' even though the configuration is correct.
Scope FortiGate.
Solution

Verify the configuration and make sure the gateway is reachable and that any FQDN being used resolves to the correct IP address.

FortiClient may show an error like the one in the following screenshot:

[Screenshot: sslvpn-error.jpg]

Run the following debug commands on FortiGate:

diagnose debug reset
diagnose vpn ssl debug-filter src-addr4 <user-public-ip>
diagnose debug application fnbamd 1
diagnose debug application sslvpn -1
diagnose debug console timestamp enable
diagnose debug enable

Error observed in the debug output:


[2564:root:3b]User Agent: FortiSSLVPN (Windows NT; SV1 [SV{v=02.01; f=07;}])
[2564:root:3b]rmt_web_auth_info_parser_common:533 no session id in auth info
[2564:root:3b]rmt_web_access_check:804 access failed, uri=[/remote/logincheck],ret=4103,
[2564:root:3b]fsv_logincheck_common_handler:1356 sslvpn is in conserve mode or the ssl. interface is down.
[2564:root:3b]sslConnGotoNextState:318 error (last state: 1, closeOp: 0)
[2564:root:3b]Destroy sconn 0x7fc8ed441800, connSize=0. (root)
[2564:root:3b]SSL state:warning close notify (192.168.30.2)

Next, check whether the device is in conserve mode using the following command:

diagnose hardware sysinfo conserve

To check the SSL VPN state, or whether conserve mode has occurred in the system, run the following command:

diagnose vpn ssl statistics
SSLVPN statistics (root):
------------------
Memory unit:               1
System total memory:       2111090688
System free memory:        1140170752
SSLVPN memory margin:      314572800
SSLVPN state:             conserve

Max number of users:       1
Max number of tunnels:     0
Max number of connections: 6

Current number of users:       0
Current number of tunnels:     0
Current number of connections: 0

If the device is not in conserve mode, check the ssl.root interface next, using the following commands:

config system interface
    edit ssl.root
        show full | grep status
        set status up
    next
end

Once the changes have been made, the user should be able to connect.
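
The triage order described above (debug message, then conserve mode, then the ssl.root interface status) can be applied to saved CLI output. The following Python is an added example, not part of the original article or any Fortinet tooling: the debug and statistics samples are copied from this article, the 'set status down' line is constructed, and the function names and result labels are assumptions.

```python
import re

# Debug excerpt and statistics output copied from the article above.
DEBUG = """\
[2564:root:3b]rmt_web_access_check:804 access failed, uri=[/remote/logincheck],ret=4103,
[2564:root:3b]fsv_logincheck_common_handler:1356 sslvpn is in conserve mode or the ssl. interface is down.
[2564:root:3b]sslConnGotoNextState:318 error (last state: 1, closeOp: 0)
"""
STATS = """\
SSLVPN statistics (root):
------------------
System total memory:       2111090688
System free memory:        1140170752
SSLVPN memory margin:      314572800
SSLVPN state:             conserve
"""
# Constructed sample: 'show full | grep status' output for a disabled ssl.root.
IFACE_DOWN = "    set status down\n"

# The debug message that ties the -7200 error to conserve mode or ssl.root.
MARKER = re.compile(r"fsv_logincheck_common_handler:\d+ "
                    r"sslvpn is in conserve mode or the ssl\. interface is down")

def parse_stats(text):
    """Turn the 'Key:   value' lines of the statistics output into a dict."""
    out = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep and val.strip():
            val = val.strip()
            out[key.strip()] = int(val) if val.isdigit() else val
    return out

def triage(debug, stats, iface_status):
    """Follow the article's order: debug message, conserve mode, ssl.root."""
    if not MARKER.search(debug):
        return "marker-absent"        # this article's cause does not apply
    if parse_stats(stats).get("SSLVPN state") == "conserve":
        return "conserve-mode"
    if re.search(r"^\s*set status down\s*$", iface_status, re.M):
        return "ssl-interface-down"   # fix with 'set status up' as shown above
    return "inconclusive"

if __name__ == "__main__":
    print(triage(DEBUG, STATS, IFACE_DOWN))
```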

 

Note:
Starting from v7.6.3, the SSL VPN tunnel mode will no longer be supported, and SSL VPN web mode will be called 'Agentless VPN'.

SSL VPN tunnel mode replaced with IPsec VPN

Agentless VPN

Migrate SSL VPN to IPsec VPN:

SSL VPN to IPsec VPN

SSL VPN full tunnel for remote user