Hi All,
since some weeks we are getting connection problems using FortiClient SSLVPN on Windows 11 computers. Once the issue appears on a client there is no workaround applicable, simply stops working forever, not all the W11 PCs are affected (for now).
The client stops injecting the routes to the system, only the firewall public IP related route is added.
We believe the issue comes from the Windows endpoint and not from the Fortigate configuration.
Unfortunately there is no way for us to determine if the issue is related a windows update package.
We tried several release and combinations of the FortiClient SSLVPN (FortiSSLVPNclient.exe) and of the FortiClient VPN on several Fortigates without success. No manual or tool based removal or client reinstall solved the issue.
FortiClient VPN continues to work correctly.
The client debug log:
09/09/2022 12:16:58 info sslvpn date=2022-09-09 time=12:16:57 logver=1 id=96600 type=securityevent subtype=sslvpn eventtype=status level=info uid=ACEA487EC2714E9E905C532EE8FFFF devid=FCT8000000000000 hostname=PCAAA03 pcdomain=domain.com deviceip=10.7.7.176 devicemac=c8-34-8e-15-ae-00 site=N/A fctver=7.0.7.0345 fgtserial=FCT8000000000000 emsserial=N/A os="Microsoft Windows 11 Enterprise Edition, 64-bit (build 22000)" user=usr@domain msg="SSLVPN tunnel status" vpnstate=connected
09/09/2022 12:16:58 info system date=2022-09-09 time=12:16:57 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=ACEA487EC2714E9E905C532EE8FFFF devid=FCT8000000000000 hostname=PCAAA03 pcdomain=domain.com deviceip=10.7.7.176 devicemac=c8-34-8e-15-ae-00 site=N/A fctver=7.0.7.0345 fgtserial=FCT8000000000000 emsserial=N/A os="Microsoft Windows 11 Enterprise Edition, 64-bit (build 22000)" user=usr@domain msg="Traffic log" sessionid=305070737 srcname=sslvpn srcport=0 direction=outbound dstip=vpn.edilgroup.ch dstport=443 proto=6 rcvdbyte=25769803804 sentbyte=30064773111 utmaction=passthrough utmevent=vpn threat=connect userinitiated=0 browsetime=0
09/09/2022 12:17:16 info system date=2022-09-09 time=12:17:15 logver=1 id=96823 type=systemevent subtype=system eventtype=status level=info uid=ACEA487EC2714E9E905C532EE8FFFF devid=FCT8000000000000 hostname=PCAAA03 pcdomain=domain.com deviceip=10.7.7.176 devicemac=c8-34-8e-15-ae-00 site=N/A fctver=7.0.7.0345 fgtserial=FCT8000000000000 emsserial=N/A os="Microsoft Windows 11 Enterprise Edition, 64-bit (build 22000)" user=usr@domain msg="Checking for updates"
09/09/2022 12:17:16 info system date=2022-09-09 time=12:17:15 logver=1 id=96813 type=systemevent subtype=system eventtype=status level=info uid=ACEA487EC2714E9E905C532EE8FFFF devid=FCT8000000000000 hostname=PCAAA03 pcdomain=domain.com deviceip=10.7.7.176 devicemac=c8-34-8e-15-ae-00 site=N/A fctver=7.0.7.0345 fgtserial=FCT8000000000000 emsserial=N/A os="Microsoft Windows 11 Enterprise Edition, 64-bit (build 22000)" user=usr@domain msg="Software updates are disabled"
09/09/2022 12:17:16 debug update Update task is called with dwSession=-1
09/09/2022 12:17:16 debug update fctupdate.fortinet.net
09/09/2022 12:17:16 debug update start_update_thread() called
09/09/2022 12:17:16 debug update Impersonated=0
09/09/2022 12:17:16 debug update update started...
09/09/2022 12:17:16 debug update update done
09/09/2022 12:17:16 debug update update thread exit
09/09/2022 12:17:16 debug update Network connection problem.
Someone out there with the same issue?
Regards.
Stefano
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Stefano,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello Stefano,
I have found a similar discussion:
Could you please tell me if it is helping?
Regards,
Hi Anthony,
thnnk you for your reply.
Unfortunately all suggested checks have already been done withut results.
Regards.
Stefano
Did you ever managed to get this solved? I am experiencing the same problem with 22H2.
To date, no solution or workaround :(
We got it to work on 1 computer, but not all. We do not even understand why it would work.
What we did is that we exchanged the hostname with the ip address of the VPN server.
After doing so, we can logon. It asks us to accept a certificate, but that is easily fixed by importing it (user certificate).
Hello!
I had the same problem and solved it uninstalling update for windows (KB2693643)
I hope this can help you.
Solved installing FortiClientSetup_6.0.10.0297_x64.
It wortks on 100% of the comuters.
The version of SSLVPNcmdline is not important, you can leave the 6.x or use the 7.x.
Thanks for your solution. It works for my setup with FortiClient SSLVPN from FortiTools.
Does FortiNet some any new infos about the issue with a newer versions of FortiClient?
There seems to be issues with setting ip routes for split tunneling. When i use FortiClient 7.x itself to establish a VPN connection, it works fine and i see new routes for split tunneling in the CMD. But if i connect via FortiClient SSLVPN (command-line) so i don't receive any new routes for VPN...
Only if i install FortiClient 6.0.10, i can use FortiClient SSLVPN and get my routes for split-tunneling.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.