FortiClient connected but no network

Michaelma · ‎01-31-2018

Hi,

I have a user that connects to my FortiGate 110C.

he uses the latest Forticlient.

What happens is that the client is connected. I can see it is connected, yet the "Bytes Received" is not updating. looks like a false connection or no connection coming through.

I removed the latest forti client and installed an old version vpn-ssl, but it get disconnected almost immidiatly.

Need your help here.

Thanks,

Michael

SteveG · ‎01-31-2018

I've seen this on IPSec VPN's when the users home router is dropping IPSec or they haven't enable IPSec pass through on their router. Using SSL gets around this but sounds like something isn't quite right with the SSL config if the session is dropping straightaway.

Nancy_Kivlen · ‎01-31-2018

My problem is that forticlient can't connect with the VPN error message -20900. how do I fix that?

SteveG · ‎02-01-2018

Are you talking IPSec or SSL? The way I tackle IPSec VPN connectivity issues is:

Run a capture on the Fortigate on the WAN interface filtering on the external IP of the FortiClient. You should see protocol 50 (if using IPSec) while IKE is being established, once Phase 1 is up you'll then see UDP 4500 which is actually the encrypted payload (Phase 2). So for instance if you generate a ping form the client PC to something at the other end of the VPN you'll see a packet using UDP 4500 from the FortiClient to the FortiGate, then the return traffic from the FortiGate to the external IP of the Forticlient. In this instance if you don't see UDP 4500 from the Client to the Gate then the local device is filtering IPSec traffic.

Michaelma · ‎02-06-2018

It's a bit uncomfortable to have these checks. the laptop is in another worker hands in another country.

what i can say is that:

1. It happens also when she uses the laptop with her Mobile phone as an access point, so it's not the home router.

2. Her Laptop is: Asus UX360C Notebook

3. Here are the network adapters she has:

[00000000] Microsoft Kernel Debug Network Adapter

[00000001] PPPoP WAN Adapter

[00000006] Intel(R) Dual Band Wireless-AC 8260

[00000007] Microsoft Wi-Fi Direct Virtual Adapter

[00000008] Bluetooth Device (RFCOMM Protocol TDI)

[00000009] Bluetooth Device (Personal Area Network)

[00000010] WAN Miniport (SSTP)

[00000011] WAN Miniport (IKEv2)

[00000012] WAN Miniport (L2TP)

[00000013] WAN Miniport (PPTP)

[00000014] WAN Miniport (PPPOE)

[00000015] WAN Miniport (IP)

[00000016] WAN Miniport (IPv6)

[00000017] WAN Miniport (Network Monitor)

[00000018] Microsoft Teredo Tunneling Adapter[/ul]

Asus UX360C Notebook

chrizonline · ‎05-31-2018

Hi,

I have the same problem on my mac with Forticlient 5.6.

Forticlient on windows works

abhilash_rs · ‎06-17-2020

I have the same problem as it is, when vpn connected network icon goes to exclamation but i can connect to my office machine behind the firewall but not to internet. This is not happening on all users of ipsec vpn users. some specific users have this issue. please tell me the possible solution for this