Hi,
The situation where we have the error is using the shared connection of an iPhone and connecting with FortiClient from a Windows 11.
The iPhone is only used to provide Internet access to Windows laptops, the FortiClient is installed on those Windows laptops and from here the error sequence is the one I mentioned in the first message
- We connect and it asks for username and password
- We enter the data and it asks us for the FortiToken.
- Enter the code provided by FortiToken.
- After about 12 seconds the client does not connect and in the firewall logs appears the message “delete IPsec phase 1 SA”.
This is the progress of the connection in phase 1 of IPsec:
2024/09/26 11:40:55 -> negotiate IPsec phase 1 -> XAuth authentication successful
2024/09/26 11:40:55 -> progress IPsec phase 1 -> OK
2024/09/26 11:40:55 -> progress IPsec phase 1 -> DONE
And 12 seconds later the message “delete IPsec phase 1 SA” is displayed.
Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Cuervo
From FG, run this:
diag debug app ike -1
diag debug app fnbamd -1
diag debug enable
From FCT side, export the logs and check if something relevant there.
Also try disable any IPv6 config on your phone (for hotspot dhcp clients) or on your PC and keep only IPv4 then see if it helps.
Hi AEK,
I will go back to get the logs you indicate and review them more calmly, but I was looking at them and there was nothing strange.
This morning I tested in the same conditions 2 more profiles that we have with different Local ID and I can access without problems.
I mean using the same laptop connected via hot-spot to the same iPhone, using the profile with Local ID for example 60 and 70 works perfectly and trying to connect to Local ID 50 does not work.
Thanks.
Have you ran a simple ping to your external interface of your firewall from the users home internet connection? And run it for a while not just the standard 4 pings. If that isn’t stable at all (wired or wireless) then that needs to be fixed first, if it is stable wired but not wireless then the user needs to fix that by either moving the router to a better spot in relation to where they work. But if the ping is stable with good reply times both wired and wireless then the ISP should be involved to make sure no firewall settings on the modem are causing this issue https://tutuapp.uno/ .
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.