Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Error connecting to SSL VPN with Forticlient

Sorry if this has been posted before, but I haven't found any solution in any existing posts.


I have just setup SSL-VPN on my FG100D with FortiOS 6.2.3 build 1066, but are having some issues when connecting with FortiClient


When getting to 80% is says: "unable to establish the vpn connection. the vpn server may be unreachable. (-14)"


I can login to the web portal page with the same user/pass, so that should be OK. I have also tested with another user.

Users are created locally on the FW and added to a group "VPN_Local_Users")


Have also tested from multiple computers.


Any ideas?


See attached log file for more details.sslvpn-log.txt


New Contributor



Is this issue on Windows OS? If so, did you check if TLS is enabled under Internet Options > Advanced Settings? 




New Contributor

Stupid error....

But if it helps someone else:

I forgot to enable Tunnel Mode...


SSL-VPN Portals - edit portal

-Disable Split Tunneling

-Enable Tunnel Mode



Now it works with my local test user.


Still getting exactly the same error when trying an LDAP user. (have added the LDAP user group to the policy and mapped to portal etc...will start investegate. Tips are appreciated :)

New Contributor


Not beeing able to login with an AD user seems to be something with username/CNI context.


My test AD user:

Firstname: Test

Lastname: Testing

username: Testuser

In OU: Testusers


Scenario 1:

FG LDAP config:

Common Name Identifier: cn

Distinguished Name: OU=Testusers,DC=test,DC=local


Try to login to Forticlient / Webportal

User: Test Testing  --  Login [style="background-color: #00ff00;"]OK![/style]

User: Testuser  --  [style="background-color: #ff0000;"]Not OK[/style] (server unreachable (-14) blabla) or "access denied"


Scenario 2:

FG LDAP config:

Common Name Identifier: sAMAccountName

Distinguished Name: OU=Testusers,DC=test,DC=local


Try to login to Forticlient / Webportal

User: Test Testing  --  [style="background-color: #ff0000;"]Not OK[/style] (server unreachable (-14) blabla) or "access denied"

User: Testuser  --  [style="background-color: #ff0000;"]Not OK[/style] (server unreachable (-14) blabla) or "access denied"


Any ideas???

New Contributor III

Hello Frined,

If you are still having this issue, I have some hints for you, or otherwise please share the solution is it was already resolved.


From the attached log, I can see you are using Forticlient on Windows machine.


Just check from your Firewall the ssl-min and max allowed protocols by the using the following commands: 


config firewall ssl-server show full-configuration | grep ssl-min-version show full-configuration | grep ssl-max-version


Then according to the output, modify the register of the PC by going to the following path:




Make sure you have the key of the protocol you have found from the first step, ( at least one match ).


If not , the client and the fortigate are not having a common protocol to handshake by.


Also, if you want to add a new ssl protocol ( avoiding weak once ) you can create a key and and define 

DWORD Value named as Enabled with a value of 1 , then restart the pc and try the vpn.


I hope this will help you.





Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors