Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JacksonFlackson
New Contributor

Created on ‎04-04-2024 02:55 PM

FortiClient and T-Mobile

Hello,

I've come across a number of posts about this topic on both FortiNet and T-Mobile forums but I haven't found a solution.

 

We have one user who has T-Mobile for home internet. She cannot use the FortiClient IPSec VPN consistently. When I was first setting up VPN for our users, I noticed this issue with my own T-Mobile hotspot on my iPhone and we were forced to also offer SSL-VPN. We implemented our new VPN and have been rolling fine for a few weeks now. However...

 

I came to learn this week that she'd actually been able to use the IPSec VPN and it was working fine for her. Then this week after she had a tech help her with an email issue, the IPSec VPN no longer works for her, and the SSL VPN disconnects on her frequently.

 

I worked with her for about an hour this morning. She has a Mitel 5340 phone in Teleworker mode which we used for communication while I did a remote support session with her. I noticed no issue with either the VoIP or the Remote session.

I made sure IPv6 was disabled on both the WiFi Adapter and the FortiClient Interfaces.

I dinked around with MTU values as suggested in a T-Mobile forum some years ago.

 

Nothing worked to get the IPSec vpn established.I also witnessed the SSL VPN bomb out on her, our phone call was un-interupted.

 

Has anyone figured out how to get FortiClient working over a T-Mobile modem successfully? It's a Wireless AC Connection from Laptop to Modem. Getting a Private IPv4 Address, doing NAT to the internet as is typical.

Labels:
2508
0 Kudos
5 REPLIES 5
johnathan
Staff
Staff

Created on ‎04-05-2024 01:35 PM

I don't have experience with T-Mobile connections myself, but it might be helpful if we debug the IPsec connection while replicating the failure. Should point us in the right direction at least.

Here would be the commands to run:
-----------------------------
di de res
di de app ike -1

di vpn ike log-filter dst-addr4 x.x.x.x <--- Public IP of the user. This syntax is for 7.2.x and 7.0.x.

OR
di vpn ike log filter rem-addr4 x.x.x.x <--- Public IP of the user. This syntax is for 7.4.x.

di de en


When you're done:
di de res
di de di

"Never trust a computer you can't throw out a window."
2440
0 Kudos
gctkmi
New Contributor

Created on ‎02-12-2025 08:46 AM

I would love to get some solution to this. it does happen anywhere you have tmobile, and i'm sure it's not on the fortinet side, more like tmobile 

767
0 Kudos
gctkmi
New Contributor

Created on ‎02-12-2025 11:07 AM

Disable IPv6 in the forticlient and other network cards in the computer. I'll get a group policy going to fix this annoying issue 

750
0 Kudos
sw2090
SuperUser
SuperUser

Created on ‎02-13-2025 11:19 PM

hm we used an ipsec over t-mobile hotspot these days (and the shop site still does). This works fine however it doesn't use FortiClient here.

But I also tested various IPSecs with FortiClient and T-Mobile Hotspot during the last months without any problems related to t-mobile...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
690
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.