Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Magnitude_8
New Contributor II

FortiClient 6.4.0 SSL VPN stops at 98%

Since upgrading to FortiClient 6.2, I have been unable to use my SSL VPN. It gets stuck at 98% and then gives up. I have now upgraded to FortiClient 6.4.0 and continue to have the same problem

 

There's a history of this issue with FortiClient SSL VPN and I see that in the FortiGate 6.4.0 release notes that it has been addressed with Bug ID 596757.

 

I've tried all the recommendations provided online and in these forums, including re-installing, resetting IP networking, recreating WAN miniport adapters, but still no luck.

 

I suppose I'd like to know if anyone has managed to actually resolve this issue and what was actually fixed with Bug ID 596757.

 

Thanks

8 REPLIES 8
bmduncan34
New Contributor III

While I was researching a similar problem but with an earlier version I found someone who recommended disabling TLS 1.0 and 1.1 in IE.  I tried that and it appeared like that error happened less.

Magnitude_8

bmduncan34 wrote:

While I was researching a similar problem but with an earlier version I found someone who recommended disabling TLS 1.0 and 1.1 in IE.  I tried that and it appeared like that error happened less.

Thanks bpduncan34, unfortunately that was one of the dozen fixes that hasn't worked for me. I'll give it another go and post here if there's any change.

zerodeplus

Hello ! I found something that worked for me ! Since yesterday I was stuck at 98% and I've tried everything (even reinstall Win10). And the "problem" found was my Internet connection !! I found myself really dumb after that !!! I need to log VPN forticlient and for that I was using my mobile phone hotspot.... It worked after I disable IPv6 to use IPv4 only !!! To disable IPv6 on Android device to use IPv4 only. Step 1 : Go to your Android device System Settings and tap on “Network & Internet” Step 2 : Tap on “Mobile network” Step 3 : Tap on “Advanced” Step 4 : Tap on “Access Point Names” Step 5 : Tap on the APN you are currently using Step 6 : “APN Protocol” Step 7 : Tap on “IPv4” Save the changes

I hope that helps !

PFranks

Thank you for this. That did the trick for me

EEHC

Thanks zerodeplus, you reply is very intelligent. I liked it and said it is great even if it will not solve. Fortinet has to fix it on the top and record it in its documents under your name. :)

EEHC
EEHC
thungo1604
New Contributor

Hello,

I have the same problem with 6.4.0 and 6.4.1 forticlient. I'm using the free version.

Some computers have the problem, and some not.

We've noticed that when we disable the IPV6 parameter on the Wifi network card, it finally manages to connect to SSL VPN.

I'm looking for the root cause of this problem because, disabling IPV6 on all our company's laptop is not a good solution.[&o]

EEHC
Contributor

Have you tried to use the Web browser instead of FortiClient? It is a faster and more good way to test the SSL VPN.

EEHC
EEHC
Nytro
New Contributor

We have 2 brand new 2601Fs HAs in different datacenters. we are still using the free client 6.0.9. we were upgrading everything to 6.4.10 previously at 6.2.7. we noticed an anomaly with the 6.4.10 FW so we left the second datacenter at 6.2.7 to do some comparisons while testing on the 6.4.10 FW. What I can confirm is if your client is configured to 'Prefer DTLS Enabled', it will hand at 98% for 10 seconds then go back to the login prompt. The FAC records show you logged in successfully (With FTM push). But definitely not connected on the local PC! This did not happen to any of our previous FOS versions. Fortunately that setting wasn't in the final build that went out to 20,000 users, as I am the one that builds and tests the FortiClient, but I had that setting on mine for years. The two 2601s in each datacenter are built identical except for the FOS version. the 2601 that is still at 6.2.7 does not have that issue. Just curious if you have that option turned off in the FortiClient settings? (our images for our Windows 10 agents only have allow TLS1.2 and TLS1.3 *Experimental* enabled in IE). 

Cheers!

Noel

Cheers! Noel
Top Kudoed Authors