Fortinet Forum
ben_browning
New Contributor

FortiClient SSLVPN Prelogon issue

Unable to connect to VPN on Windows 10 via prelogon, get a 628 error.

- Windows 10 1803

- FortiClient 6.0.4.0182

- FortiGate 301E Firewall

- LDAP authentication

- Connecting to VPN within Windows is successful.

- Trying to connect to VPN before Windows 10 logon (just comes up with an error 628)

Has anyone else experienced this, or have any advice on how to resolve it?

7 REPLIES
Atomizer
New Contributor

Hi,

Just want to inform, we are seeing the exact same problem.

FortiClient 6.0.4

Fortigate 200E

RADIUS Auth.

VPN within Windows is working flawlessly.

We have a valid public certificate on the firewall.

VPN before Windows logon shows error 628.

Atomizer

I'm starting a support case tomorrow on this. And I'll inform here if I find a workaround.

Please also do the same. Thanks.

Synkrox

Atomizer wrote:

I'm starting a support case tomorrow on this. And I'll inform here if I find a workaround.

Please also do the same. Thanks.

Did you get anywhere with this? Seeing the same here.

Chris

Atomizer

Sorry for not getting back.

Fortinet Support was not able to fix the problem, and we ultimately ended up not using the feature. :(

Their only solution was to use Legacy mode, which changed the look and feel of the feature to something that our customer would not accept.

If you want to refer to the case, it's this one: 3086347

Pasted the answer from the support case:

<use_legacy_vpn_before_logon> -- [1]

<use_windows_credentials> ------ [2]

<use_legacy_vpn_before_logon> -- [3]

<vpn>
  <options>
    <current_connection_name>a.b.c.d</current_connection_name>
    <current_connection_type>ipsec</current_connection_type>
    <autoconnect_tunnel />
    <autoconnect_only_when_offnet>0</autoconnect_only_when_offnet>
    <keep_running_max_tries>0</keep_running_max_tries>
    <save_password>0</save_password>
    <minimize_window_on_connect>1</minimize_window_on_connect>
    <allow_personal_vpns>1</allow_personal_vpns>
    <disable_connect_disconnect>0</disable_connect_disconnect>
    <show_vpn_before_logon>1</show_vpn_before_logon> <!-- 1 -->
    <use_windows_credentials>1</use_windows_credentials> <!-- 2 -->
    <use_legacy_vpn_before_logon>1</use_legacy_vpn_before_logon> <!-- 3 -->
    <show_negotiation_wnd>0</show_negotiation_wnd>
    <vendor_id />
  </options>
</vpn>

jonb2501

Could you clarify "Their only solution was to use Legacy mode, which changed the look and feel of the feature to something that our customer would not accept." How did the look and feel change?

jonb2501
New Contributor

I have a customer with the same issue. Uninstalled it, reinstalled, repaired it, no change.

Has anyone opened a ticket with Fortinet and seen a workaround?

FSC_TIC
New Contributor

After 1 week of trying an SSL VPN connection before logging into the Windows domain, and not succeeding even with the help of online chat with Fortinet, I realized that with IPsec VPN it does work.
I show the image.