Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiClient and T-Mobile


I've come across a number of posts about this topic on both FortiNet and T-Mobile forums but I haven't found a solution.


We have one user who has T-Mobile for home internet. She cannot use the FortiClient IPSec VPN consistently. When I was first setting up VPN for our users, I noticed this issue with my own T-Mobile hotspot on my iPhone and we were forced to also offer SSL-VPN. We implemented our new VPN and have been rolling fine for a few weeks now. However...


I came to learn this week that she'd actually been able to use the IPSec VPN and it was working fine for her. Then this week after she had a tech help her with an email issue, the IPSec VPN no longer works for her, and the SSL VPN disconnects on her frequently.


I worked with her for about an hour this morning. She has a Mitel 5340 phone in Teleworker mode which we used for communication while I did a remote support session with her. I noticed no issue with either the VoIP or the Remote session.

I made sure IPv6 was disabled on both the WiFi Adapter and the FortiClient Interfaces.

I dinked around with MTU values as suggested in a T-Mobile forum some years ago.


Nothing worked to get the IPSec vpn established.I also witnessed the SSL VPN bomb out on her, our phone call was un-interupted.


Has anyone figured out how to get FortiClient working over a T-Mobile modem successfully? It's a Wireless AC Connection from Laptop to Modem. Getting a Private IPv4 Address, doing NAT to the internet as is typical.


I don't have experience with T-Mobile connections myself, but it might be helpful if we debug the IPsec connection while replicating the failure. Should point us in the right direction at least.

Here would be the commands to run:
di de res
di de app ike -1

di vpn ike log-filter dst-addr4 x.x.x.x <--- Public IP of the user. This syntax is for 7.2.x and 7.0.x.

di vpn ike log filter rem-addr4 x.x.x.x <--- Public IP of the user. This syntax is for 7.4.x.

di de en

When you're done:
di de res
di de di

"Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth."
Top Kudoed Authors