Hi,

I have a question regarding the timeout of the FortiClient, when connecting to a FortiGate.

My setup is a FortiGate 30D on the oneside and a PC running FortiClient 5.4 on the otherside. The PC with the FortiClient is (currently only for test reasons) connected over a local LAN to the external interface of the FG 30D. I've setup the parameters for IPSEC VPN on both sides and everything works fine(connection establish, access to the local site of the FG 30D). In the end, the connection between the Client and the FG is over a satellite-connection. Due to this I have in my test assembly a "satellite-simulator" which can delay ethernet packets a specified time.

When I establish the VPN connection and afterwards increase the delay stepwise, the connection interrupts at a delay(specified in the simulator) which corresponds with the parameters of the Dead Peer Detection. Meaning: Dead Peer Detection set to 5 sec with 3 replies; the connection interrupts at a delay of 8 sec and above (gives 16 sec delay for a reply of the FG unit to the Client after a message --> Dead Peer Detection ends the connection after 15 sec of no reply); This is totally what I expected.

But now my problem: When I set a certain delay before I establish the VPN connection, the connection only establish if the delay is lower than 4 sec. At a delay of 4 sec or higher the VPN connection does not establish and the FortiClient shows a message: VPN Connection Failure (same message as if the FG 30D is not connected to the LAN)

I assume there is a certain time-out in the FortiClient, how long it tries to connect, but I didn' found a possibility to change this timeout anywhere in the FortiClient (neither the GUI nor the xml configuration file); and it has definitly nothing to do with the Dead Peer Detection in this case.

Maybe someone has a clue how I can change this.

Thanks in advance for your replies!

regards,

christoph