Help
FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
jiahoong112
Staff
Staff

Created on ‎05-22-2025 12:02 AM Edited on ‎08-07-2025 05:01 PM By Moderator

Article Id 393017

Troubleshooting Tip: Users connecting from CGNAT network are unable to connect to FortiSASE

Description

This article describes what to do when client devices behind a CGNAT network fail to connect to FortiSASE VPN.
Scope FortiSASE.
Solution

Follow the steps in the following KB article to perform a capture using Fortinet Support Tool on FortiSASE: Technical Tip: How to perform an SSL VPN debug on a specific Point of Presence (PoP) in FortiSASE.

 

Opening the capture taken with the Fortinet Support Tool:

 

jiahoong112_0-1747896233401.png

 

The 'source IP check failed' error message can be seen as highlighted.

A change will have to be made on the FortiSASE backend to resolve the issue, and only the FortiSASE ops team is able to do this. Open a TAC ticket.
Labels:
368
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.