Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tanguy
New Contributor

Forticlient VPN error 5029

I have a a Fortinet 100D 6.2.2 with 2 WAN.

SSL is configured on both WANs. 

The primary one is on a DMZ from ISP router and the second WAN has an public IP on it.

 

When I try to connect (tested with three computers) I have an error 5029 (mismatch TLS version. Please check TLS version settings"). So I checked on both client and VPN and it seems good and..it works with the other WAN, no problem.

It worked before, didn't make any modification...

 

Thanks for helping me !

5 REPLIES 5
boneyard
Valued Contributor

are you using SD-WAN or just two WAN links with seperate firewall rules and such?

 

it doesnt work for anyone on that one link?

 

is it possible the ISP does some weird inspection / protection on it?

Tanguy

Juste two wan. Dors n'y work fort aller user on a link. Worked before, Fortinet is on dmz. I have this isp on others fortinet and no problem. No protection (no UTM or SSL inspection)
RachelGomez123
Contributor

Solution


While connecting the FortiClient the below-mentioned error can appear.This error happens because of the TLS mismatch.
Go to Internet explorer -> Settings -> Internet options -> Advanced, scroll down and check the TLS version
From the above Image only TLS 1.2 is selected on client end while the FortiGate does not support TLS 1.2, check the output below.
Verify the TLS settings configured on FortiGate end as well as the TLS settings on the client end.
(settings) # sh ful
# config vpn ssl settings
set reqclientcert disable
set ssl-max-proto-ver tls1-1
set ssl-min-proto-ver tls1-0
Now, select the TLS 1.1 and TLS 1.0 on client machine end or change the TLS version to 1.2 on FortiGate end will be needed.
In this case, change the settings on client machine end.
As soon as settings are changed connect the FortiClient is possible.

 

Server Certificate

 

If all step here has been followed by still getting same error to connect, make sure to check

the server certificate are set and not empty. This can be verify under SSL-VPN Setting -> Server

Certificate. Please change it accordingly

After certificate has been set, it will be possible to connect to SSL-VPN.

 

Regards,

Rachel Gomez

RyanKam
New Contributor II

Manually changing Internet Options settings does not work for me but I found an alternate way to get it to work. Open CMD prompt and run the following command. May have to run as administrator: RunDll32.exe InetCpl.cpl,ResetIEtoDefaults

 

Windows update was released last week that killed a ton of our customers. Caspian IT Group figured out the solution.

akushwaha
Staff
Staff

Hi @Tanguy ,

Please refer to the below article regarding this issue and check if it helps:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiClient-TLS-error-5029-failed-to-estab...

Best regards,
Abhimanyu

Labels
Top Kudoed Authors