Hi,
I many users who are using FortiClient since we migrated to FortiGate 100F.
One user has not been able to connect and he gets the following error message.
I have tried his laptop and used my credentials and it works fine which means there is no problem on FortiClient side.
I have done a reset of his password in DC. Still not working.
Is there a way i can see what is happening when he is trying to connect like a debug or any lg I can check on my FortiGate 100F?
Please see attached file.
He has only to put his username and password.
Thanks in advance
Tazio
Solved! Go to Solution.
Hi Tazio,
Kindly capture the below logs
diagnose vpn ssl debug-filter src-addr4 x.x.x.x ----where x.x.x.x is the public IP address on the client side
diagnose debug app sslvpn -1
diag debug application fnbamd -1
diagnose debug cons time en
diagnose debug enable
to stop the debug
diag debug disable
Regards
Jamal
Hi Tazio,
Kindly capture the below logs
diagnose vpn ssl debug-filter src-addr4 x.x.x.x ----where x.x.x.x is the public IP address on the client side
diagnose debug app sslvpn -1
diag debug application fnbamd -1
diagnose debug cons time en
diagnose debug enable
to stop the debug
diag debug disable
Regards
Jamal
Hi Jamal,
You save my day.
I did the debug and found the issue.
We also just introduced MFA with DUO platform and we tested the MFA when I was doing migration to FortiGate and everything was fine but then I bypassed all used because we are waiting a little bit to go live with DUO. This was the only user that I missed to bypass.
Everything working like a charm.
Thanks again.
Tazio
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.