Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiGate VPN

Good day,


I have posted about this issue before but have got a bit further so wanted to start where I am.


I am running FortiGate 7.2 with a VPN NOT in Split Tunnel mode authenticating to DUO VPN and LDAP.


The current VPN was setup my someone else who has left the company and trying to create more "VPN - Tunnel All" so that I can give different Web Filters based on users AD group.


I have created the Firewall Rule below with an AD group "VPN-OUT-ITSU" currently disabled below which allows the VPN to connect and filters the Web Traffic correctly but does not allow the user to access local resources which is should.


I have noticed that when I try and connect on the new Firewall Policy via FortiClient VPN the percentage goes to 98% before I have to do the two-factor code, and the old one goes to 45% which is odd.


I cant see what is going wrong and why when I enable the new one and I test I cant get to any resources.


Thanks for any advice and help.




FortiGate 041223.png


Referring here: 

As your are using DUO as MFA for your remote users, the authentication might have timed out before the sslvpn connection got to complete. I would recommend to increase the remoteauthtimeout value from the default 5 seconds to something like 60 seconds.

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**

thanks for the reply, the VPN does connect and I can see it connected in the FortiGate console, it looks like its just not routing traffic to the local LAN.


Hi @julianhaines,


In that case, you can run debug flow to see if traffic is being dropped. Please refer to



Top Kudoed Authors