Hi All, since upgrading our 300C to FortiOS 5.2.6 we're experiencing problems (randomly) with incoming connection through FortiClient and FortiVPNSSL. The connection process goes well untill 98% and than stop without any error message or, in some other cases, connect and immediately disconnect.
The problem has been noticed on both Win7 and Win10 clients on different FGT models (300C, 300D and 400D), with different firmware (5.2.3 and 5.2.6) and different FortiClient versions (4.0.2300 and 4.0.2323).
Fortinet support provided a FortiClient version (4.3.5.0472) to be tested => no success; then a "fix" for a similar problem observed on Win8 (even if we don't use this) found at http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630 => no success.
It also happen often that, after a succesful connection, the client is not able to connet anymore using both che vpn client and the web access. Sometimes a restart fix the issue, sometimw a vpn client reinstall fix the issue, sometimes nothing of these have effect...
What really make me think about some bug or, at least, some communication issue between the vpn client and the FGT is taht a restart of the process vpnssld on the FGTsolve temporarely the issue and everything start working as expected... until the problem show up again after a couple of days. It looks like some "communication" issue cause the vpn deamon to "hang" for that particular user (while others are able to connect in the meanwhile).
Did anyone experienced such an issue?
Thanks in advance
Bye
GC
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
We setup both SSL VPN profile and and IPSec tunnels available on our 500d, and have had users connect via the IPSec vpn profile as a workaround for Hotels, planes, hotspots, etc. we run forticlient 5.4 and 5.6 on a fortigate 5.4 (soon to be updating to 5.6).
Hey, I found a "solution"!
First of all, that's not a definitive solution, but works.
When you logon on VPN, your client will stuck on 98%, then, you'll open your Task Manager (Ctrl + Shift + ESC) and then you will search for "Network Command Shell" process. This is the process that make the computer crash, consuming a lot of memory ram. You'll need to end this process some times (3 times), every time that you kill this process, he's gonna back, but don't worry, at the third time (maybe fourth), your client will "unstuck" from 98% and you'll be connected 100%.
That's it for now! Thanks (sorry my English, I'm from Brazil)
Hey guys,
uninstalling-rebooting-reinstalling is not a solution! t's just some temporary workaround that fix the issue until it happen the next time. You got the same by killing the vpnssld on the affected FGT or following the instructions from fortinet here http://kb.fortinet.com/kb/documentLink.do?externalID=FD36630 but..
..as Fortinet confirmed that this is a bug (someone read the messages?) the only way for a solution is to get an (hopefully) working client which address the problem.
I got in PM lot of people having the same issue on 300C, 100D and some other models so it don't make sense to try solving this working on the single client..
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
On Windows 8.1 (or 2012 R2), the following Microsoft Software Hotfix may be helpful:
VPN gateway becomes unresponsive and a connection can't be established ...
On Windows 10, you may contact Fortinet Support to try the latest FortiClient 5.4 interim build,
The FortiClient version or build installed in a managed environment can be controlled by using the EMS.
Oh really Kolawale.. where did you get this info to contact Fortinet Support as they seem to have no idea what I'm talking about when I contacted them and had me install FortiClientSetup_5.2.5.0658_x64.exe.
This "fixed" the issue because like we've said before reinstalling the client seems to fix it for a bit.
See case #1674111
300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
Consider requesting for a 5.4 interim build from Fortinet Support.
Hi All,
just as an update..
..after several "interim" versions provided by Fortinet the problem persist. Moreover it was now noted on some "D" series models so my hope that ths was just some incompatibility with the 300C and 5.2.6 just crashed.
So no good news this time...
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
Gianluca,
Just checking to see if you have had any luck resolving this issue. We have recently started having this same issue with a new Windows 10 computer. We are running a FG60D with V5.2.3 and FortiClient with v5.4.0.0780. Getting stuck at 98% every time. We uninstalled and reinstalled the FortiClient on the Windows 10 machine today, and it worked for a few minutes. Now, it is failing again at 98%. Thanks!
Thanks,
-foshejh
Hi foshejh,
last week we moved from our old 300C powered by 5.2.6 to a new 600D running 5.2.7 and the problem, so far, seems to be resolved by himself. Fortinet support say that the issue is 100% due to some conflict on the client machine but, in my opinion, this is not true because: 1) everything start working fine again (for a while) just killing the sslvpn deamon on the FGT and 2) the problem now just disappeared and the clients are exactly the same.
I got the idea that the issue lie somewhere in a bad combination between hardware model and FGT firmware version but my ticket is still open (for almost 3 months now...) and the cause is still to be found.
Bottom line of this: if I were you I'd give a try to 5.2.7 just to check if some "hidden" bug as been corrected too. In the change log of this firmware version you'll find some reference to vpn issue and, even if Fortinet support says that the 98% issue is not related, something seems to work definitely better.
Hope not having talked too early...
Bye
Gianluca
FGT: 50E,100D, 200D, 600D
FMG: VM64
FAZ: VM64
Gianluca,
Thank you very much for your reply above! We will try to update to 5.2.7 in the coming days and will report back our findings asap! Thanks again, and I hope you have a great week!
-foshejh
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
229 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.