Hi All, since upgrading our 300C to FortiOS 5.2.6 we're experiencing problems (randomly) with incoming connection through FortiClient and FortiVPNSSL. The connection process goes well untill 98% and than stop without any error message or, in some other cases, connect and immediately disconnect.
The problem has been noticed on both Win7 and Win10 clients on different FGT models (300C, 300D and 400D), with different firmware (5.2.3 and 5.2.6) and different FortiClient versions (4.0.2300 and 4.0.2323).
Fortinet support provided a FortiClient version (4.3.5.0472) to be tested => no success; then a "fix" for a similar problem observed on Win8 (even if we don't use this) found at http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630 => no success.
It also happen often that, after a succesful connection, the client is not able to connet anymore using both che vpn client and the web access. Sometimes a restart fix the issue, sometimw a vpn client reinstall fix the issue, sometimes nothing of these have effect...
What really make me think about some bug or, at least, some communication issue between the vpn client and the FGT is taht a restart of the process vpnssld on the FGTsolve temporarely the issue and everything start working as expected... until the problem show up again after a couple of days. It looks like some "communication" issue cause the vpn deamon to "hang" for that particular user (while others are able to connect in the meanwhile).
Did anyone experienced such an issue?
Thanks in advance
Bye
GC
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
Hi,
after a long ping-pong with Fortinet L1 support we got escalated to L2 and got noticed that this is "known issue" (bug ID 0232764). We got an "intermin" FortiClient version to test as it looks the problem in on the client side (but I've nio further details). I'll you posted.
Bye
Gianluca
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
Hi All,
just to infor you that we got notified by Fortinet that the "interim" client provided seems to have issues with Win7 thus is suitable for testing only on Win10 machines. After some testing we still got the issue on several Win7 client machines (but we've really few Win10 installations up to now). This thing is really getting weirder by the time...
Bye
Gianluca
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
I too have the same problem with FG 100D. How do we beat around this ?
Hi Henry,
no workaround that I know about. As I wrote we're testing a new "beta" claint that should address the issue. As for now it seems to work good but need some more testing to be sure that there's no any unlikey side effect...
Bye
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
I've been struggling with this.
The solution for us is to uninstall the client, restart the computer and then install the client again.
Sadly to say, this sometimes work, sometimes don't...
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
We have a customer with a 60D that had this occur on a Windows 10 computer starting on Saturday. No recent firewall updates have been made that I can think of. Just out of the blue started to lock up at 98%. Is the uninstall of FortiClient, reboot of the PC, and reinstall of FortiClient the best/only solution?
In my ticket, #1674111, the guy just gave me a copy of FortiClientSetup_5.2.5.0658_x64.exe and said try that. I had 2 of my PC techs who where having the problem almost 100% of the time with Win10 try it and they said it works.
This is odd because there is nothing special about this version and seeing as how version 5.4 is the latest version you'd think it would work. There is also no mention of what versions of FortiGate are compatible with what versions of FortiClient... and in a non-licensed environment the clients get updates from the internet and I can't control what version they run it makes me wonder how to prevent this.
So does 5.4 have issues with Win10? Who knows.
I really wish Fortinet would offer the same thing as Cisco ASA Secrutiy+ bundle. In this bundle for the ASA you get unlimited Cisco AnyConnect clients that are all controlled and upgraded from the ASA. On the Fortinet side I need to pay a full license for FortiClient even though I'm only interested in the SSL VPN part.
I'd happily pay some kind of reduced rate for FortiClient SSL VPN only or something like that. Are you listening Fortinet? I'm giving you pearls here.
300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.