Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
miguel_almeida
New Contributor

Created on ‎10-24-2019 02:22 PM

Forticlient - SSL VPN Error (-14)

Hello,

 

I have a corporate LAN/Wifi network and I have some users who need to connect to another site in company via SSL VPN (I can't do direct VPN with the other site). Within my corporate network they cannot make the connection, always gives the error: "Unable to establish VPN connection. The VPN server may be unreachable. (-14)". Stops at 80%.

Attempting to connect via an external network works without problems. Something is blocking the connection on my network but I still haven't figured it out, any idea how I can test the various hypotheses?

 

 

Fortigate 101E:

FortiOS v6.0.6 build0272

 

Forticlient: 6.2.2.0877

 

 Thank you

65539
0 Kudos
6 REPLIES 6
Toshi_Esumi
SuperUser
SuperUser

Created on ‎10-24-2019 09:14 PM

Explain more clearly about relation between your "corporate network" and "another site", then which side has the FG101E ("another site"? If not how to get to "another site" from the 101E?). And what is the auth method for SSL VPN users?

14504
0 Kudos
miguel_almeida
New Contributor
In response to Toshi_Esumi

Created on ‎10-25-2019 12:44 AM

Hello Toshi,

 

My site have the Fortigate 101E and another site have Fortigate 90D (I think). I am using my corporate network to connect through forticlient. Authentication/authorization for SSL VPN (port 443) is by LDAP server.

When I connect the forticlient he asks to authorize the certificate but then gives the error to 80%. My question is, my fortigate blocking any traffic or port? I am not using any particular block.

 

To have Internet in my fortigate (wan connection), I have a "home" ISP router with dynamic DNS.

14504
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to miguel_almeida

Created on ‎10-25-2019 09:53 AM

But those SSL VPN attemps goes through your 101E to get to the 90D to be terminated at. Is the LDAP server you're talking about located at the "another site"? Your local 101E can't do much to contribute to the problem because SSL VPN traffic is just outgoing TCP 443 (unless you or somebody changed it on the 90D) like any internet browsing.

The problem must be on the 90D side. First, check "config vpn ssl settings" to see if multiple profiles are configured. Then you probably need to run "diag debug app sslvpn -1" on the 90D then compare between accessing from the internet and accessing from your office.

 

 

14504
0 Kudos
scerazy
New Contributor III
In response to Toshi_Esumi

Created on ‎03-25-2020 02:44 AM

That artickle is rubbish for this error

-14 means most likely that user is in a group that does not have Tunnel access consigured for SSL Portal

14504
0 Kudos
boneyard
Valued Contributor
In response to scerazy

Created on ‎04-25-2020 12:26 AM

the article isnt that bad on itself, but the title is confusing as error -14 pops up for so many things. the one you mentioned but also several others. best would be if the developers dont add the text, but just use -14 generic error, because that is what it is.

 

for that article you could reach out to he documentation team and ask them to add some lines.

14504
0 Kudos
hisham211
New Contributor

Created on ‎05-13-2020 06:57 AM

I had the same exact issue. Internal client can connect to remote Fortigate from an un-secured WiFi but could not connect from behind my Fortigate 60F. My scenario is as follows:

 

my fortigate - 60F running fortiOS 6.2.3

my internal client - Windows 10 running forticlient 6.2.6.0951

 

end point fortigate - 300E running fortiOS 6.2.3

 

temporary solution was to disable SSL inspection on my end. now i'm going to work on a permanent solution with the remote network admin.

14504
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.