SSL VPN - Web mode disabled, but Forticlient connects in web mode
We would like to use SSL VPN in tunnel mode only. We have disabled the web mode on portal, but some users using Forticlient are connected in ssl-web mode. After numerous session resets clients finally connect in tunnel mode. Any ideas and help finding the reason is appreciated.
Have you created the Authentication rule, so users in question will be mapped unequivocally to the specific portal where the Web mode is disabled ? By your description sounds like they fall through and finally reach default rule which has Web mode enabled. It is also possible when you have the same users located in multiple AD groups with each group having different portals.
The users are authenticated and mapped to one portal. We use Azure as Identity Provider if that matters. This particular problem happens only to limited number of users, who have the very same group assignments as the rest, who never experience it and are able to connect normally.