Noticing the below error in FortiClient sslvpnlib.log:

[2025-02-06 14:46:46.6019017 UTC+10:30] [1812:11424] [sslvpnlib 5210 info] >>>>DoConnect(turbo-rr0k6rlw.edge.prod.fortisase.com:443) ...
[2025-02-06 14:46:46.6019204 UTC+10:30] [1812:11424] [sslvpnlib 2550 info] Called. Server=turbo-rr0k6rlw.edge.prod.fortisase.com, realm=, username=
[2025-02-06 14:46:46.6213031 UTC+10:30] [1812:11424] [sslvpnlib 2009 error] CSslvpnBase::GetWebPage:2009, URL=/remote/info, retry:0, LastError=0, Callback_Context.m_dwError:12007
[2025-02-06 14:46:46.6213589 UTC+10:30] [1812:11424] [sslvpnlib 2110 error] Empty web page, return FALSE.
[2025-02-06 14:46:46.6214257 UTC+10:30] [1812:11424] [sslvpnlib 501 debug] <<<<DoConnect(): bRC=0, ErrorCode=-5010

To resolve the issue of error code '5010', check if the machine has a system-wide proxy configured:

> netsh winhttp show proxy

The SSL VPN remote gateway (FQDN or IPA) should be included in the proxy exclusion list.

In some cases, this causes the issue. Because users set endpoints to connect to FortiGate via SSL VPN only from AD domain joined machines, other machines worked fine. The reason was that only AD-joined machines received the GPO that configures the system-wide WinHTTP proxy.

To add the bypass server, select Start -> Run, type cmd, and select OK.

At the command prompt, run the following command and then press Enter:

netsh winhttp set proxy *.edge.prod.fortisase.com (example)

To verify the current proxy configuration can run the below command and see the whole list:

netsh winhttp show proxy

Related documents:

https://learn.microsoft.com/en-us/troubleshoot/windows-server/installing-updates-features-roles/wind...

https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/network/add-element-fo...