The primary one is on a DMZ from ISP router and the second WAN has an public IP on it.
When I try to connect (tested with three computers) I have an error 5029 (mismatch TLS version. Please check TLS version settings"). So I checked on both client and VPN and it seems good and..it works with the other WAN, no problem.
While connecting the FortiClient the below-mentioned error can appear.This error happens because of the TLS mismatch. Go to Internet explorer -> Settings -> Internet options -> Advanced, scroll down and check the TLS version From the above Image only TLS 1.2 is selected on client end while the FortiGate does not support TLS 1.2, check the output below. Verify the TLS settings configured on FortiGate end as well as the TLS settings on the client end. (settings) # sh ful # config vpn ssl settings set reqclientcert disable set ssl-max-proto-ver tls1-1 set ssl-min-proto-ver tls1-0 Now, select the TLS 1.1 and TLS 1.0 on client machine end or change the TLS version to 1.2 on FortiGate end will be needed. In this case, change the settings on client machine end. As soon as settings are changed connect the FortiClient is possible.
If all step here has been followed by still getting same error to connect, make sure to check
the server certificate are set and not empty. This can be verify under SSL-VPN Setting -> Server
Certificate. Please change it accordingly
After certificate has been set, it will be possible to connect to SSL-VPN.
Manually changing Internet Options settings does not work for me but I found an alternate way to get it to work. Open CMD prompt and run the following command. May have to run as administrator: RunDll32.exe InetCpl.cpl,ResetIEtoDefaults
Windows update was released last week that killed a ton of our customers. Caspian IT Group figured out the solution.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.