fn-hmx
New Contributor

FortiClient 7.2 - will not connect if there is no Internet connection

On FortiClient 7.2.4, SSLVPN will not connect if the local machine has no Internet connection.

It appears that FortiClient checks Windows Network Level Awareness (NLA) to see if there is a working Internet connection. However, this breaks airgapped setups where:

1. the endpoint is airgapped with no Internet connectivity (hence Windows NLA will report No Internet)
2. the FortiGate is intranet-only (not exposed to the Internet)

FortiClient will refuse to initiate a connection thinking that there is no working connection, but FGT is reachable.

Previous versions of FC (7.0.11) seem to work alright, just not the 7.2.x branch.

AEK
SuperUser

There are about 40 SSL VPN known issues on this version.

https://docs.fortinet.com/document/forticlient/7.2.4/windows-release-notes/991883/known-issues

Can you share the related logs from FortiClient?

AEK
fn-hmx
New Contributor

Hey @AEK, thanks for replying!

The only relevant FortiClient log is the following:

4/15/2024 1:24:20 PM	info	sslvpn	date=2024-04-15 time=13:24:19 logver=1 id=96600 type=securityevent subtype=sslvpn eventtype=status level=info uid=FE669A598C0F46AABA80C6660AE8CDA4 devid=FCT80004XXXXXXXX hostname=DESKTOP-JDR6DA5 pcdomain=N/A deviceip=10.255.XXX.XXX devicemac=f4-4e-XX-XX-XX-XX site=N/A fctver=7.2.4.0972 fgtserial=FCT80004XXXXXXXX emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=XXXXXXX msg="SSLVPN tunnel status" vpnstate=disconnected vpnuser=XXXXX

When I hit "connect" after typing my username and password, the VPN client just flashes briefly, but nothing happens.

 

Windows does say the following:

Screenshot 2024-04-15 132509.png

 

The remote FortiGate can 100% be reached over the network, but FortiClient doesn't seem to even try.

smaruvala
Staff

Hi,

 

- Have you tried to reinstall the FortiClient?

- Does the FortiClient try to initiate communication? You can check this by taking Wireshark captures on the client.

- Are there any 3rd party tools on the PC, such as a VPN from another vendor or AV etc.?

 

Regards,

Shiva

fn-hmx

Hi Shiva,

1. Yes, we have reinstalled the FortiClient multiple times. FC 7.0.12 works with no issues.

2. It does not look like the FortiClient 7.2 even tries.

3. No other VPN but there is Symantec AV.

smaruvala

Hi,

 

- You can confirm if it is sending the packets out or not by taking a Wireshark capture or a sniffer in the firewall.
- You can try to disable the AV and verify the VPN.

- We may have to check Diagnostics tool output such as FortiTray logs from the Client. If the above 2 steps are not giving the expected result then you can collect the Diagnostics tool output and open a support ticket.

 

Regards,

Shiva

fn-hmx

Hi Shiva,

 

I did try to open a support ticket but was refused support, as I do not have a FortiClientEMS license.

 

My ticket number was 9386623.

 

Could you advise if I were to open a ticket again, would I face the same issue? I do not mind putting in the effort to troubleshoot, but I would not want to be going in circles if my support ticket would be closed due to me using free VPN.

 

Thank you!

AEK

You can still try to open the ticket using the FG SN.

By the way, did you try from the client to access https://vpnserver:port

(use the gateway address and port as entered in FortiClient VPN config)

AEK
fn-hmx
New Contributor

Hi @AEK, yes, we did try from the client to access https://vpnserver:port and it works and connects fine.

 

Just wanted to point out again that this is flawless in FC 7.0, and is only an issue in FC 7.2.

 

Also wanted to share that I previously opened the case under my FG SN but was denied support and redirected to the forum.

 

Here is the correspondence:

Dear Customer, Hope you are well.

Thank you for contacting Fortinet. My name is Denice and I’ll be assisting you with this case.

Your case is open as P<4>, and you may refer to our Forti-Companion to Technical Support guide for case priority and SLA response time: https://support.fortinet.com/Information/DocumentList.aspx

I understand that you have a concern wherein your FortiClient on v7.2.x are not able to connect since it is setup as airgapped, and no issues when you were on v7.0.11. Just to set your expectations, since the concern is for FortiClient, FortiClient Technical Support requires valid paid FortiClient or EMS license, and is not included with a FortiGate regular support.

Kindly refer to attached Release Notes page XX on technical support entitlement for FortiClient without paid license. https://docs.fortinet.com/document/forticlient/7.2.4/windows-release-notes/371487/introduction

If you have a serial number of EMS with a valid FortiClient support contract, please provide it to the ticket so I can endorse this ticket to the appropriate team. 

For a free standalone version of FortiClient you can obtain support on Fortinet forums - https://community.fortinet.com/

Thank you for your understanding.
AEK

Hi @fn-hmx 

Like @smaruvala suggested, I think Wireshark is a good way of troubleshooting to know what FortiClient is trying to do, and if it is trying to reach something on the internet before connecting to the VPN server, or if it is sending any DNS query... any such info can be useful for the troubleshooting.

Or in case you prefer to avoid troubleshooting then you can just revert to 7.0.x.

AEK
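
Added example, not part of any post in this thread: a PowerShell check that records what Windows NLA reports for each connection profile next to the actual TCP reachability of the SSL VPN gateway, so the mismatch described in the thread (NLA says no Internet, gateway reachable) can be documented alongside a packet capture. `$Gateway` and `$Port` are placeholders for the values entered in the FortiClient VPN configuration.

```powershell
# Added example: compare Windows NLA state with real reachability of the
# SSL VPN gateway. Gateway and Port are placeholders supplied by the operator.
param(
    [Parameter(Mandatory)][string]$Gateway,
    [Parameter(Mandatory)][int]$Port
)

# What NLA reports for every connected interface
# (IPv4Connectivity / IPv6Connectivity: Disconnected, NoTraffic, Subnet,
#  LocalNetwork or Internet).
$profiles = Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory,
                  IPv4Connectivity, IPv6Connectivity

# Real TCP handshake to the gateway, independent of NLA.
$probe = Test-NetConnection -ComputerName $Gateway -Port $Port `
                            -WarningAction SilentlyContinue

# True if any profile is marked as having Internet connectivity.
$nlaInternet = [bool]($profiles | Where-Object {
    $_.IPv4Connectivity -eq 'Internet' -or $_.IPv6Connectivity -eq 'Internet'
})

$profiles | Format-Table -AutoSize

# One-line summary suitable for attaching to a forum post or ticket.
[pscustomobject]@{
    Timestamp          = Get-Date -Format o
    Gateway            = "${Gateway}:$Port"
    ResolvedAddress    = $probe.RemoteAddress
    SourceInterface    = $probe.InterfaceAlias
    TcpReachable       = $probe.TcpTestSucceeded
    NlaReportsInternet = $nlaInternet
    # Gateway answers on TCP while NLA reports no Internet:
    # the air-gapped condition described in the first post.
    Mismatch           = ($probe.TcpTestSucceeded -and -not $nlaInternet)
} | Format-List
```

Running it immediately before pressing Connect, with a Wireshark capture already started, ties the NLA state to whether any packets left the client toward the gateway.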