Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TheITGuy
New Contributor

FortiClient wipes saved password, save pw option, and always up option

Hi all, I' ve had an on going issue with the Windows FortiClient, with pretty well all versions of 5 upwards at least. I use client certificate authentication, and enable save password, auto connect, and always up. Most of the time the FortiClient connects, but if it fails to connect after a few attempts (either manually or automatically) the following get reset: - the saved password - the option to save password - the option to always up At this point the VPN will never connect unless the user realises, then goes and enters their password and ticks both boxes. Does anyone else have this problem? Currently on v5.2.1 but still on going. Thanks
4 REPLIES 4
mmar5540
New Contributor

Hi, check on FortiGate side setting for IPsec phase1-interface cli parameter: save-password/client-auto-negotiate/client-keep-alive. This parameters must be enable.
kolawale_FTNT

As stated by mmar5540, starting with FortiClient 5.0.2, these features must be enabled on the FortiGate, for them to be usable on FortiClient. See page 108 of FortiClient Admin Guide: http://docs.fortinet.com/uploaded/files/1975/forticlient-admin-52.pdf
TheITGuy
New Contributor

Hi there, This is not the issue. This has been enabled on our FortiGate since way back, and all the clients get the three check boxes and are able to tick all three boxes. The issue is that occasionally, if the Forticlient fails to connect it then wipes the saved password and the Save Password and Always Up buttons become unchecked. Auto Connect remains checked. At this point the password is lost so even if you restart the client will not auto connect. I' ve had this problem on different laptops and with different versions of FortiClient v5. So I wanted to see if anyone else ever had this issue.
Chris_Lin_FTNT

When the authentication fail for VPN, it will remove the saved password, so that users get a chance to enter correct password. But if it fails to connect for other reasons, I think it should not remove the saved password. Are you using IPSec or SSL? Do you know why it fail to connect?
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors