dimitark
New Contributor

SSL VPN - Web mode disabled, but Forticlient connects in web mode

Hi Team, 

We would like to use SSL VPN in tunnel mode only. We have disabled the web mode on the portal, but some users using Forticlient are connected in ssl-web mode. After numerous session resets, clients finally connect in tunnel mode. Any ideas and help finding the reason are appreciated.

akristof
Staff

Hello,

Thank you for your question. Can you share some screenshots of how Forticlient is connected in Webmode? Or how are you checking this exactly?

Adrian
dimitark

After login there's an error on the Forticlient: Forticlient.png

Here is what we see on the Fortigate:

fortigatedashboard.jpg

And the event log:

Untitleddssdsd.png

Yurisk
Valued Contributor

Have you created the Authentication rule, so users in question will be mapped unequivocally to the specific portal where the Web mode is disabled? By your description, it sounds like they fall through and finally reach the default rule, which has Web mode enabled. It is also possible when you have the same users located in multiple AD groups, with each group having different portals.

 

Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
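The fall-through described in the reply above can be checked offline against a configuration backup. The following is an added example, not part of the original thread or Fortinet's tooling: a Python script that reads the `config vpn ssl web portal` and `config vpn ssl settings` sections and lists every path (authentication rule or default portal) that ends on a portal with web mode enabled. The sample config, portal names and group name are constructed, and a portal without an explicit `set web-mode enable` is assumed to have web mode off.

```python
import shlex
# Constructed sample in FortiOS CLI syntax (not taken from the thread).
SAMPLE_CONFIG = """
config vpn ssl web portal
    edit "tunnel-only"
        set web-mode disable
    next
    edit "full-access"
        set web-mode enable
    next
end
config vpn ssl settings
    set default-portal "full-access"
    config authentication-rule
        edit 1
            set groups "azure-vpn-users"
            set portal "tunnel-only"
        next
    end
end
"""

def audit_web_mode(config_text):
    """Return (who, portal) pairs that can reach a portal with web mode enabled."""
    web_on, rules, default_portal = set(), [], None
    stack, entry, rule = [], None, {}
    for raw in config_text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        ctx = stack[-1] if stack else ""
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit":  # only portal-level edits name a portal
            entry, rule = (tok[1] if ctx == "vpn ssl web portal" else entry), {}
        elif tok[0] == "next" and ctx == "authentication-rule":
            rules.append(rule)
        elif tok[0] == "set" and len(tok) > 2:
            if ctx == "vpn ssl web portal" and tok[1:] == ["web-mode", "enable"]:
                web_on.add(entry)
            elif ctx == "authentication-rule":
                rule[tok[1]] = tok[2:]
            elif ctx == "vpn ssl settings" and tok[1] == "default-portal":
                default_portal = tok[2]
    findings = [(",".join(r.get("groups", ["?"])), r["portal"][0])
                for r in rules if r.get("portal", [""])[0] in web_on]
    if default_portal in web_on:  # users matching no rule land here
        findings.append(("<no rule matched>", default_portal))
    return findings
```

On the constructed sample the only finding is the default portal, which is the case where a user who matches no authentication rule ends up on a web-mode portal.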
tio3udes
New Contributor III

Yes, you need to correctly map the user groups to the correct portal. And also, the Forticlient only uses tunnel-mode, so this is weird.

 

A problem here is that, even though web-mode is disabled, if you try to access the vpn portal address through a browser, the page is still presented, although no one will be able to authenticate.

ti03udes
dimitark
New Contributor

The users are authenticated and mapped to one portal. We use Azure as Identity Provider, if that matters. This particular problem happens only to a limited number of users, who have the very same group assignments as the rest, who never experience it and are able to connect normally.

Hoid
New Contributor

Did you ever find the root cause for this? I'm seeing the same thing in my environment and am mystified as to why this is happening.

jklee
New Contributor

I am also seeing this. Using FortiClient 7.0.6.0290 to Fortigate 7.0.6Build0366. Just one user is failing to connect and FG logs show it's trying to connect via web mode.

BB1
New Contributor

Hi, has anyone found a solution to this problem? In some cases users log in correctly when they change network to LTE...
