Hi everybody,
we have a FortiGate acting as a VPN gateway for a client VPN for home office users. Authentication is done using Azure AD with SAML and the FortiClients are managed by an EMS though we only use the remote access profile.
Whenever I try to connect to the VPN, FortiClient asks for the Azure credentials and then fails with error "FortiClient VPN unable to establish VPN connection. The VPN server may be unreachable(-6005)". Connecting through web mode however, works, so the problem's not with the VPN or SAML config. I created a custom VPN connection using the exact same settings that are configured by the EMS profile. Yields the exact same result. If I disconnect the FortiClient from the EMS however, the connection established without any issues. The problem is independent from FortiClient version (tested with 7.2.3, 7.2.4 and 7.4.0), so my guess is that some setting on the EMS is interfering with the VPN but I haven't managed to find a solution yet.
Thanks in advance
Edit: After removing everything client related with FCRemover I was and doing a clean reinstall I was able to connect to the VPN sucessfuilly. After terminating the connection and attempting to connect a second time however, the issue returned.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I managed to fix the problem. Turns out the Clients internal browser is really bad at caching user credentials. Connection works the first time when you're asked to provide them but after that something goes wrong and all future connection attempts fail. Switched to using the external browser, forced him to ask for the credentials once more and boom, works like a charm. Haven't seen anyone else face this issue so it seems quite rare. Thx for the help tho.
Hi
Do you see the VPN server listed in the ZTNA destinations?
If so then this should be removed by EMS admin because the VPN server is being proxied by FCT.
I managed to fix the problem. Turns out the Clients internal browser is really bad at caching user credentials. Connection works the first time when you're asked to provide them but after that something goes wrong and all future connection attempts fail. Switched to using the external browser, forced him to ask for the credentials once more and boom, works like a charm. Haven't seen anyone else face this issue so it seems quite rare. Thx for the help tho.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.