Hi,
We are using FortiGate firerwall(v7.2.5 build1517) and the FortiClient SSL VPN(v7.0.70345) on all our laptops, the problem is that the FortiClient VPN keeps on disconnecting even though the internet connection is available on the laptops. This is happening intermediately.
Can you please advise what could be the cause of this issue?
Thank you in advance
Kind Regards,
Abel
Solved! Go to Solution.
Hello jsanjay ,
Please check the connectivity of Remote gateway .
In our case there was a packet drop in the Remote gateway server ip add .
Hello Abel,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hi there,
Can you link this issue to any change in your environment?
Have you tested other devices/FortiClient versions?
Is it possible for an effected user to use for a while web ssl portal instead of FCT tunnel mode?
That should help to identify if the issue is on firewall or client side.
https://docs.fortinet.com/document/fortigate/6.4.13/administration-guide/100733/ssl-vpn-web-mode
Did sslvpnd crash when the user reported the issue, are there other services crashing?
diag debug crashlog read
How's cpu/mem usage looking?
dia sys top
Check cpu/mem graphs, any spikes when the issue is reported?
Please follow the steps in this doc.
If no joy with these steps and web ssl portal cannot be used, or it has the same issues as FortiClient I can only think of running this debug on the firewall for longer and hope to capture the issue.
Identify a user, get the public IP address and filter for it in the debug.
Record the output to a file.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-log-file-of-a-session-usin...
Check what is the impact on the CPU/mem before leaving it on for a long time.
diagnose sniffer packet wan1 "host 1.1.1.1 and icmp" - this should keep putty/ssh sessions alive, that's the only reason is there.
If you manage to capture the issue, submit the debug to Technical Support along with a firewall config backup and tac report.
diagnose debug reset
di de duration 0
diagnose debug cons time en
diagnose debug application sslvpn -1
diagnose debug application fnbamd -1
dia vpn ssl debug-filter src-addr4 <CLIENTPUBLICIP>
diagnose debug enable
diagnose sniffer packet wan1 "host 1.1.1.1 and icmp"
to disable, "di de di"
I hope this helps.
We are facing same problem as mentioned by the USER :- ABEL .
We are using FortiGate firerwall(v7.2.5 build1517) and the FortiClient SSL VPN(v7.0.70345)
We have troubleshoot the all the possible measures suggested by " cchiriches" and " ndumaj " but couldnot succeed .
Hi Gauravb,
We will have to take the sslvpn debug and enable debug in the forticlient to analyze further.
https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-enable-debug-log-in-FortiClient/t...
Regards,
Vimala
Hi,
Beside all the debugs presented above.
Also do a quick check of the idle timeout value under "config vpn ssl settings"
Default value is 300 sec:
https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/364620/config-vpn-ssl-settings
BR
In addition to existing information, I have some follow-up questions;
- Enable DTLS on all user's FortiClients. [Recommendation]
- Have you verified if the issue is happening to just WiFi users but Ethernet-connected users?
- Have you also checked if the users having this problem are connected via the same ISP?
- Have you considered upgrading the FortiGate to the latest available patch in that branch?
I've been experiencing an problem with my FortiGate firewall (running v6.4.3) and FortiClient VPN (v6.4.0). The issue is that my VPN connection keeps dropping intermittently, despite having a stable internet connection on my devices. It's quite frustrating as it disrupts my work and remote access. I've checked my network stability, reviewed firewall settings, and ensured my VPN configuration is accurate.
We're encountering persistent disconnections with Forti Client SSL VPN (v7.0.70345) while maintaining an active internet connection on laptops. Despite internet availability, intermittent disruptions continue to arise. Our infrastructure, running FortiGate firewall (v7.2.5 build1517), is affected by this issue, requiring a solution to ensure stable VPN connectivity.
What is the OS of FortiClient machine? Is it Window 11? Have you tried with Wifi and Ethernet?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.