Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortistk
New Contributor II

FortiClient SSLVPN Windows 11 routes problem

Hi All,

 

since some weeks we are getting connection problems using FortiClient SSLVPN on Windows 11 computers. Once the issue appears on a client there is no workaround applicable, simply stops working forever, not all the W11 PCs are affected (for now).

 

The client stops injecting the routes to the system, only the firewall public IP related route is added.

We believe the issue comes from the Windows endpoint and not from the Fortigate configuration.

Unfortunately there is no way for us to determine if the issue is related a windows update package.

 

We tried several release and combinations of the FortiClient SSLVPN (FortiSSLVPNclient.exe) and of the FortiClient VPN on several Fortigates without success. No manual or tool based removal or client reinstall solved the issue.

 

FortiClient VPN continues to work correctly.

 

The client debug log:

 

 

 

09/09/2022 12:16:58	info	sslvpn	date=2022-09-09 time=12:16:57 logver=1 id=96600 type=securityevent subtype=sslvpn eventtype=status level=info uid=ACEA487EC2714E9E905C532EE8FFFF devid=FCT8000000000000 hostname=PCAAA03 pcdomain=domain.com deviceip=10.7.7.176 devicemac=c8-34-8e-15-ae-00 site=N/A fctver=7.0.7.0345 fgtserial=FCT8000000000000 emsserial=N/A os="Microsoft Windows 11 Enterprise Edition, 64-bit (build 22000)" user=usr@domain msg="SSLVPN tunnel status" vpnstate=connected
09/09/2022 12:16:58	info	system	date=2022-09-09 time=12:16:57 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=ACEA487EC2714E9E905C532EE8FFFF devid=FCT8000000000000 hostname=PCAAA03 pcdomain=domain.com deviceip=10.7.7.176 devicemac=c8-34-8e-15-ae-00 site=N/A fctver=7.0.7.0345 fgtserial=FCT8000000000000 emsserial=N/A os="Microsoft Windows 11 Enterprise Edition, 64-bit (build 22000)" user=usr@domain msg="Traffic log" sessionid=305070737 srcname=sslvpn srcport=0 direction=outbound dstip=vpn.edilgroup.ch dstport=443 proto=6 rcvdbyte=25769803804 sentbyte=30064773111 utmaction=passthrough utmevent=vpn threat=connect userinitiated=0 browsetime=0
09/09/2022 12:17:16	info	system	date=2022-09-09 time=12:17:15 logver=1 id=96823 type=systemevent subtype=system eventtype=status level=info uid=ACEA487EC2714E9E905C532EE8FFFF devid=FCT8000000000000 hostname=PCAAA03 pcdomain=domain.com deviceip=10.7.7.176 devicemac=c8-34-8e-15-ae-00 site=N/A fctver=7.0.7.0345 fgtserial=FCT8000000000000 emsserial=N/A os="Microsoft Windows 11 Enterprise Edition, 64-bit (build 22000)" user=usr@domain msg="Checking for updates"
09/09/2022 12:17:16	info	system	date=2022-09-09 time=12:17:15 logver=1 id=96813 type=systemevent subtype=system eventtype=status level=info uid=ACEA487EC2714E9E905C532EE8FFFF devid=FCT8000000000000 hostname=PCAAA03 pcdomain=domain.com deviceip=10.7.7.176 devicemac=c8-34-8e-15-ae-00 site=N/A fctver=7.0.7.0345 fgtserial=FCT8000000000000 emsserial=N/A os="Microsoft Windows 11 Enterprise Edition, 64-bit (build 22000)" user=usr@domain msg="Software updates are disabled"
09/09/2022 12:17:16	debug	update	Update task is called with dwSession=-1
09/09/2022 12:17:16	debug	update	fctupdate.fortinet.net
09/09/2022 12:17:16	debug	update	start_update_thread() called
09/09/2022 12:17:16	debug	update	Impersonated=0
09/09/2022 12:17:16	debug	update	update started...
09/09/2022 12:17:16	debug	update	update done
09/09/2022 12:17:16	debug	update	update thread exit
09/09/2022 12:17:16	debug	update	Network connection problem.

 

 

 

 

Someone out there with the same issue?

 

Regards.

Stefano

 

11 REPLIES 11
Anthony_E
Community Manager
Community Manager

Hello Stefano,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello Stefano,

 

I have found a similar discussion:

 

https://community.fortinet.com/t5/Fortinet-Forum/forticlient-vpn-issue-from-windows-11-laptop-OS-ver...

 

Could you please tell me if it is helping?

 

Regards,

Anthony-Fortinet Community Team.
fortistk
New Contributor II

Hi Anthony,

thnnk you for your reply.

Unfortunately all suggested checks have already been done withut results.

Regards.

Stefano

DMK
New Contributor

Did you ever managed to get this solved? I am experiencing the same problem with 22H2.

fortistk
New Contributor II

To date, no solution or workaround :(

DMK
New Contributor

We got it to work on 1 computer, but not all.  We do not even understand why it would work.
What we did is that we exchanged the hostname with the ip address of the VPN server.
After doing so, we can logon. It asks us to accept a certificate, but that is easily fixed by importing it (user certificate).

njatip
New Contributor

Hello!

I had the same problem and solved it uninstalling  update for windows (KB2693643)

njatip_0-1668779026184.png

I hope this can help you.

fortistk
New Contributor II

Solved installing FortiClientSetup_6.0.10.0297_x64.

It wortks on 100% of the comuters.

The version of SSLVPNcmdline is not important, you can leave the 6.x or use the 7.x.

KOBV-HUG

Thanks for your solution. It works for my setup with FortiClient SSLVPN from FortiTools.

Does FortiNet some any new infos about the issue with a newer versions of FortiClient?

There seems to be issues with setting ip routes for split tunneling. When i use FortiClient 7.x itself to establish a VPN connection, it works fine and i see new routes for split tunneling in the CMD. But if i connect via FortiClient SSLVPN (command-line) so i don't receive any new routes for VPN...

Only if i install FortiClient 6.0.10, i can use FortiClient SSLVPN and get my routes for split-tunneling.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors