Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: FortiClient Remote Access IPsec-over-TCP not w...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiClient Remote Access IPsec-over-TCP not working
Hi, I am running FortiOS 7.4.7 on a FortiGate-60F and am trying to migrate from SSLVPN to IPsec VPN.
I've managed to configure IPsec (IKEv2) dial-up to work fine, but I notice that when I set the mode to IPSec over TCP, FortiClient (v7.4.3) does not connect and times out. UDP mode works perfectly fine.
I also notice that TCP 4500 is not one of the local-in policies on the firewall.
Does a local-in policy need to be configured for this to work? Has anyone had any experience with this?
Thank you!
Labels:
- Labels:
-
FortiClient
-
FortiGate
49 REPLIES 49
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ensure that TCP port 4500 is included in your local-in policies. If it is not, you may need to create a rule to allow traffic on this port.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you manage to get this working? We are facing the exact same issue with a 90G.
FC 7.4.3.1790, FortiOS 7.4.7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, I have not. I think it may be a bug in 7.4.7, so am waiting for the next version to be released. Let me know if you make any headway.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1. FreeVPN FortiClient does not support IKEv2 over TCP. It works with the EMS connected version!
2. Both FortiOS and FortiClient will get a major enhancement in the next release (FortiOS 7.4.8 and FortiClient 7.4.4) that will address your issues...
M. B.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh... that would explain everything! Do you know ETA of FOS 7.4.8 or FC 7.4.4 and whether both are required to make this work or just the FC upgrade will do?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue on FortiOS side is different in nature from the FortiClient side. Troubleshooting this problem is hard as you do not know which side is causing the unexpected behavior. You may confirm the fix from Release Notes when published.
M. B.
Created on ‎04-20-2025 10:53 PM Edited on ‎04-20-2025 10:53 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@MZBZ Well, I'm using FortiClient VPN 7.4.2. And it's working as long as I enabled EAP "set eap enable" via CLI. And, FortiOS side is 7.4.6.
Toshi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Depends on the setup and history of FortiOS upgrades! It does not affect all setups.
M. B.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That means your statement No.1 "FreeVPN FortiClient does not support IKEv2 over TCP." is, at least, not always apply since it works in some cases.
That's my point.
Toshi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IKEv2 over TCP is not officially supported or provided with the Free VPN Client.
M. B.
Labels
-
FortiGate
10,210 -
FortiClient
2,078 -
FortiManager
864 -
5.2
687 -
FortiAnalyzer
668 -
5.4
638 -
FortiSwitch
564 -
FortiAP
546 -
FortiClient EMS
530 -
6.0
416 -
IPsec
370 -
FortiMail
363 -
5.6
362 -
SSL-VPN
353 -
FortiNAC
260 -
6.2
251 -
Fortiweb
247 -
FortiAuthenticator v5.5
234 -
SD-WAN
178 -
FortiAuthenticator
164 -
FortiGuard
159 -
5.0
152 -
Firewall policy
130 -
6.4
128 -
FortiCloud Products
114 -
FortiGateCloud
113 -
FortiSIEM
110 -
FortiGate-VM
110 -
FortiToken
108 -
Customer Service
107 -
Wireless Controller
96 -
High Availability
82 -
FortiProxy
76 -
ZTNA
70 -
Fortivoice
69 -
Routing
69 -
VLAN
69 -
FortiEDR
68 -
DNS
67 -
FortiADC
66 -
SAML
64 -
Authentication
62 -
BGP
62 -
Certificate
58 -
radius
57 -
FortiSandbox
53 -
SSO
52 -
FortiLink
52 -
LDAP
52 -
FortiExtender
51 -
NAT
50 -
4.0MR3
49 -
Application control
46 -
FortiDNS
43 -
VDOM
41 -
Interface
40 -
Logging
39 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
Virtual IP
38 -
Web profile
37 -
API
36 -
FortiConnect
34 -
FortiWAN
32 -
FortiPAM
32 -
FortiConverter
31 -
SSL SSH inspection
31 -
RMA Information and Announcements
28 -
FortiGate v5.2
27 -
Automation
27 -
Static route
25 -
FortiPortal
24 -
Traffic shaping
24 -
SSID
24 -
FortiSwitch v6.2
23 -
System settings
23 -
FortiGate Cloud
22 -
SNMP
22 -
WAN optimization
21 -
FortiMonitor
20 -
OSPF
19 -
Web application firewall profile
19 -
Web rating
18 -
IP address management - IPAM
18 -
FortiSOAR
17 -
Admin
17 -
Security profile
17 -
FortiAP profile
17 -
FortiDDoS
16 -
Antivirus profile
16 -
FortiCASB
15 -
Proxy policy
15 -
FortiGate v5.0
14 -
IPS signature
14 -
Explicit proxy
13 -
Traffic shaping policy
13 -
Intrusion prevention
13 -
FortiManager v4.0
12 -
FortiDeceptor
12 -
NAC policy
12 -
Traffic shaping profile
12 -
Port policy
12 -
FortiManager v5.0
11 -
FortiAnalyzer v5.0
11 -
FortiWeb v5.0
11 -
FortiBridge
11 -
FortiRecorder
11 -
FortiAI
11 -
DNS filter
11 -
Fabric connector
11 -
Trunk
10 -
Users
10 -
Application signature
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
FortiCache
8 -
FortiToken Cloud
8 -
Authentication rule and scheme
8 -
Vulnerability Management
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
VoIP profile
7 -
Cloud Management Security
7 -
FortiCarrier
6 -
FortiScan
6 -
FortiDirector
6 -
DLP profile
6 -
DLP sensor
6 -
DoS policy
6 -
FortiHypervisor
5 -
FortiNDR
5 -
FortiTester
5 -
Internet service database
5 -
Email filter profile
5 -
Protocol option
5 -
3.6
4 -
DLP Dictionary
4 -
File filter
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiCWP
3 -
Kerberos
3 -
Multicast policy
3 -
FortiInsight
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
FortiEdge Cloud
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
Subscription Renewal Policy
1 -
GPRS Tuneling Protocol
1 -
Virtual wire pair
1 -
Lacework
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2428 | |
| 1303 | |
| 778 | |
| 556 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.