Hello
I am using FortiClient for a VPN connection to our office server on macOS High Sierra version 10.13.4.
After my connection to the server, the VPN automatically disconnects every 13-15 seconds with error codes 104 and later 110 and then reconnects again. As such I am not able to work. I feel that I may not have configured the VPN properly, so the following is the configuration script as retrieved from FortiClient:
<?xml version="1.0" encoding="UTF-8"?> <forticlient_configuration> <forticlient_version>5.6.1.0723</forticlient_version> <version>5.6</version> <date>2018-4-26</date> <os_version>MacOSX</os_version> <partial_configuration>0</partial_configuration> <system> <log_settings> <level>6</level> <max_log_size>10000000</max_log_size> <log_events>ipsecvpn,sslvpn,update</log_events> <remote_logging> <log_protocol>faz</log_protocol> <log_upload_enabled>0</log_upload_enabled> <log_upload_server></log_upload_server> <netlog_server></netlog_server> <log_upload_freq_hours>0</log_upload_freq_hours> <log_upload_freq_minutes>60</log_upload_freq_minutes> <log_upload_ssl_enabled>1</log_upload_ssl_enabled> <netlog_categories>7</netlog_categories> <log_retention_days>90</log_retention_days> </remote_logging> </log_settings> <proxy> <type>0</type> <address></address> <port>0</port> <username></username> <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password> <update>0</update> </proxy> <update> <use_custom_server>0</use_custom_server> <server></server> <port></port> <failoverport></failoverport> <fail_over_to_fdn>1</fail_over_to_fdn> <update_action>notify_only</update_action> <scheduled_update> <enabled>1</enabled> <type>interval</type> <update_interval_in_hours>1</update_interval_in_hours> </scheduled_update> <minimum_fct_version> <mac_os></mac_os> </minimum_fct_version> </update> <ui> <password>Enc 420d2ee65abded897a69c50f49955d5cb40971588e2ea7fd9c4daeaab82a79ce37e08664a4bdce9d38b1eaef9d2313ec1d20e2eaccbf0b8a50</password> <default_tab>VPN</default_tab> <culture_code>os-default</culture_code> <ads>1</ads> <replacement_messages> <quarantine> <title><![CDATA[]]></title> <statement><![CDATA[]]></statement> <remediation><![CDATA[]]></remediation> </quarantine> </replacement_messages> <avatars> <enabled></enabled> <providers> <google> <clientid><![CDATA[]]></clientid> <clientsecret><![CDATA[]]></clientsecret> </google> <linkedin> <clientid><![CDATA[]]></clientid> 
<clientsecret><![CDATA[]]></clientsecret> <redirecturl><![CDATA[]]></redirecturl> </linkedin> <salesforce> <clientid><![CDATA[]]></clientid> <clientsecret><![CDATA[]]></clientsecret> <redirecturl><![CDATA[]]></redirecturl> </salesforce> </providers> </avatars> </ui> <certificates></certificates> <os_allowed></os_allowed> </system> <antivirus> <real_time_protection> <signatures_up_to_date></signatures_up_to_date> <fct_signatures> <av></av> </fct_signatures> </real_time_protection> </antivirus> <vpn> <options> <autoconnect_tunnel></autoconnect_tunnel> <autoconnect_only_when_offnet>0</autoconnect_only_when_offnet> <keep_running_max_tries>0</keep_running_max_tries> <allow_personal_vpns>1</allow_personal_vpns> <disable_connect_disconnect>0</disable_connect_disconnect> </options> <ipsecvpn> <options> <enabled>1</enabled> <block_ipv6>1</block_ipv6> </options> <connections> <connection> <name>ERP_VPN</name> <type>manual</type> <ike_settings> <prompt_certificate>0</prompt_certificate> <description></description> <server>vpn.powergrid.in</server> <authentication_method>Preshared Key</authentication_method> <auth_key>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</auth_key> <mode>aggressive</mode> <dhgroup>5</dhgroup> <key_life>86400</key_life> <localid>3</localid> <nat_traversal>1</nat_traversal> <mode_config>1</mode_config> <enable_local_lan>0</enable_local_lan> <dpd>0</dpd> <xauth> <enabled>1</enabled> <prompt_username>1</prompt_username> <username>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</username> <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password> </xauth> <proposals> <proposal>AES128|SHA1</proposal> <proposal>AES256|SHA256</proposal> </proposals> <fgt>0</fgt> </ike_settings> <ipsec_settings> <remote_networks> <network> <addr>0.0.0.0</addr> <mask>0.0.0.0</mask> </network> <network> <addr>::</addr> <mask>0</mask> </network> <network> <addr>::</addr> <mask>0</mask> </network> </remote_networks> <dhgroup>5</dhgroup> 
<key_life_type>seconds</key_life_type> <key_life_seconds>43200</key_life_seconds> <pfs>1</pfs> <use_vip>1</use_vip> <virtualip> <type>modeconfig</type> <ip></ip> <mask></mask> <dnsserver></dnsserver> </virtualip> <proposals></proposals> </ipsec_settings> <on_connect> <script> <os>mac</os> <script></script> </script> </on_connect> <on_disconnect> <script> <os>mac</os> <script></script> </script> </on_disconnect> <keep_running>0</keep_running> <ui> <show_passcode>0</show_passcode> <show_remember_password>0</show_remember_password> <show_alwaysup>0</show_alwaysup> <show_autoconnect>0</show_autoconnect> </ui> </connection> </connections> </ipsecvpn> <sslvpn> <options> <enabled>1</enabled> </options> <connections></connections> </sslvpn> </vpn> <endpoint_control> <enable_enforcement></enable_enforcement> <enabled>1</enabled> <system_data>Enc 420d2ee65abded897a69c50f49955409e6327b0cdc27a6a8954bfdaaa32e58b339e2f71caab192ca67bceaed9c0757b71bf0fe0f499e761cad88dbe8bbeb84ae0cc83a775077c3dbd76adde59702f889be046283ae7f3db83607dd632dc6c32c172d4445421123f0f170f5c3998700ff916b447d73e1458362d1557f3224</system_data> <checksum></checksum> <custom_ping_server>:0</custom_ping_server> <log_last_upload_date></log_last_upload_date> <conf_recv_time>0</conf_recv_time> <fgt_logoff_on_fct_shutdown>0</fgt_logoff_on_fct_shutdown> <fortigates></fortigates> <ui> <display_antivirus>0</display_antivirus> <display_webfilter>0</display_webfilter> <display_firewall>0</display_firewall> <display_vpn>1</display_vpn> <display_vulnerability_scan>1</display_vulnerability_scan> <registration_dialog> <show_profile_details>1</show_profile_details> </registration_dialog> <hide_compliance_warning>0</hide_compliance_warning> </ui> <silent_registration>0</silent_registration> <disable_unregister>0</disable_unregister> <alerts> <notify_server>1</notify_server> <alert_threshold>1</alert_threshold> </alerts> <onnet_addresses></onnet_addresses> <onnet_mac_addresses></onnet_mac_addresses> <notification_server> 
<address>:0</address> <registration_password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</registration_password> </notification_server> <show_bubble_notifications>1</show_bubble_notifications> <avatar_enabled>1</avatar_enabled> </endpoint_control> <vulnerability_scan> <enabled>1</enabled> <scan_on_fgt_registration>0</scan_on_fgt_registration> <scan_on_signature_update>1</scan_on_signature_update> <windows_update>1</windows_update> <scheduled_scans> <schedule> <repeat></repeat> <type></type> <day></day> <time></time> </schedule> </scheduled_scans> <lowest_level_enforced>critical</lowest_level_enforced> <days_allowed>1</days_allowed> <auto_patch> <level>critical</level> </auto_patch> <exempt_manual>0</exempt_manual> <exemptions> <exemption></exemption> </exemptions> <exempt_no_auto_patch>0</exempt_no_auto_patch> </vulnerability_scan> <fssoma> <enabled>0</enabled> <serveraddress>:8001</serveraddress> <presharedkey>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</presharedkey> </fssoma> </forticlient_configuration>
The FortiClient configuration file which works properly on Windows is as follows:
<?xml version="1.0" encoding="UTF-8" ?> <forticlient_configuration> <forticlient_version>5.6.1.1115</forticlient_version> <version>5.6.1</version> <date>2017/11/09</date> <partial_configuration>0</partial_configuration> <os_version>windows</os_version> <system> <ui> <disable_backup>0</disable_backup> <ads>1</ads> <flashing_system_tray_icon>1</flashing_system_tray_icon> <hide_system_tray_icon>0</hide_system_tray_icon> <suppress_admin_prompt>0</suppress_admin_prompt> <password /> <culture_code>os-default</culture_code> <gpu_rendering>0</gpu_rendering> <replacement_messages> <quarantine> <title> <title> <![CDATA[]]> </title> </title> <statement> <remediation> <![CDATA[]]> </remediation> </statement> <remediation> <remediation> <![CDATA[]]> </remediation> </remediation> </quarantine> </replacement_messages> </ui> <log_settings> <onnet_local_logging>1</onnet_local_logging> <level>6</level> <!--0=emergency, 1=alert, 2=critical, 3=error, 4=warning, 5=notice, 6=info, 7=debug, --> <log_events>ipsecvpn,sslvpn,scheduler,update,firewall,shield,endpoint,configd,vuln</log_events> <!--ipsecvpn=ipsec vpn, sslvpn=ssl vpn, firewall=firewall, av=antivirus, sandboxing=sandboxing, webfilter=webfilter, vuln=vulnerability scan, wanacc=wan acceleration, fssoma=single sign-on mobility for fortiauthenticator, scheduler=scheduler, update=update, proxy=fortiproxy, shield=fortishield, endpoint=endpoint control, configd=configuration, --> <remote_logging> <log_upload_enabled>0</log_upload_enabled> <log_upload_server /> <log_upload_ssl_enabled>1</log_upload_ssl_enabled> <log_retention_days>90</log_retention_days> <log_upload_freq_minutes>60</log_upload_freq_minutes> <log_generation_timeout_secs>900</log_generation_timeout_secs> <netlog_categories>7</netlog_categories> <log_protocol>faz</log_protocol> </remote_logging> </log_settings> <update> <use_custom_server>0</use_custom_server> <server /> <port>80</port> <timeout>60</timeout> <failoverport /> <fail_over_to_fdn>1</fail_over_to_fdn> 
<use_proxy_when_fail_over_to_fdn>1</use_proxy_when_fail_over_to_fdn> <auto_patch>0</auto_patch> <submit_virus_info_to_fds>1</submit_virus_info_to_fds> <submit_vuln_info_to_fds>1</submit_vuln_info_to_fds> <!-- update_action applies to software updates only and can be one of: notify_only, download_and_install, download_only, disable --> <update_action>notify_only</update_action> <scheduled_update> <enabled>1</enabled> <type>interval</type> <daily_at>01:44</daily_at> <update_interval_in_hours>1</update_interval_in_hours> </scheduled_update> </update> <certificates> <crl> <ocsp /> </crl> <hdd /> <ca /> </certificates> </system> <endpoint_control> <enabled>1</enabled> <!--Format: <probe_timeout:keep_alive_timeout> in seconds. Default: <1:5>. Note: changing connect timeouts might affect performance.--> <socket_connect_timeouts>1:5</socket_connect_timeouts> <system_data>Enc e0ea4e78412c790a9453bcb700769fc892e4fe8a34875cfde7e14b98ad58a8c087f4e7cadd37b932aca999c782715aabf9e7c239f794c3cd890575013850e27920c42820e47538c1ca5231c49c7ae59a</system_data> <disable_unregister>0</disable_unregister> <disable_fgt_switch>0</disable_fgt_switch> <show_bubble_notifications>1</show_bubble_notifications> <avatar_enabled>1</avatar_enabled> <ui> <display_antivirus>0</display_antivirus> <display_webfilter>0</display_webfilter> <display_firewall>0</display_firewall> <display_vpn>1</display_vpn> <display_vulnerability_scan>1</display_vulnerability_scan> <display_sandbox>0</display_sandbox> <display_compliance>1</display_compliance> <hide_compliance_warning>0</hide_compliance_warning> <registration_dialog> <show_profile_details>1</show_profile_details> </registration_dialog> </ui> <onnet_addresses> <address /> </onnet_addresses> <onnet_mac_addresses> <address /> </onnet_mac_addresses> <alerts> <notify_server>1</notify_server> <alert_threshold>1</alert_threshold> </alerts> <fortigates> <fortigate> <serial_number /> <name /> <registration_password /> <addresses /> </fortigate> </fortigates> 
<local_subnets_only>0</local_subnets_only> <notification_server /> <nac> <processes> <process id=""> <signature name="" /> </process> </processes> <files> <path id="" /> </files> <registry> <path id="" /> </registry> </nac> </endpoint_control> <vpn> <options> <autoconnect_tunnel /> <autoconnect_only_when_offnet>0</autoconnect_only_when_offnet> <keep_running_max_tries>0</keep_running_max_tries> <disable_internet_check>0</disable_internet_check> <save_password>0</save_password> <minimize_window_on_connect>1</minimize_window_on_connect> <allow_personal_vpns>1</allow_personal_vpns> <disable_connect_disconnect>0</disable_connect_disconnect> <show_vpn_before_logon>0</show_vpn_before_logon> <use_windows_credentials>1</use_windows_credentials> <use_legacy_vpn_before_logon>0</use_legacy_vpn_before_logon> <show_negotiation_wnd>0</show_negotiation_wnd> <vendor_id /> </options> <sslvpn> <options> <enabled>1</enabled> <prefer_sslvpn_dns>1</prefer_sslvpn_dns> <dnscache_service_control>0</dnscache_service_control> <!--0=disable dnscache service, 1=do not touch dnscache service, 2=restart dnscache service, 3=sc control dnscache paramchange--> <use_legacy_ssl_adapter>0</use_legacy_ssl_adapter> <preferred_dtls_tunnel>0</preferred_dtls_tunnel> <no_dhcp_server_route>0</no_dhcp_server_route> <no_dns_registration>0</no_dns_registration> <disallow_invalid_server_certificate>0</disallow_invalid_server_certificate> </options> <connections /> </sslvpn> <ipsecvpn> <options> <enabled>1</enabled> <beep_if_error>0</beep_if_error> <usewincert>1</usewincert> <use_win_current_user_cert>1</use_win_current_user_cert> <use_win_local_computer_cert>1</use_win_local_computer_cert> <block_ipv6>1</block_ipv6> <uselocalcert>0</uselocalcert> <usesmcardcert>1</usesmcardcert> <enable_udp_checksum>0</enable_udp_checksum> <disable_default_route>0</disable_default_route> <show_auth_cert_only>0</show_auth_cert_only> <check_for_cert_private_key>0</check_for_cert_private_key> 
<enhanced_key_usage_mandatory>0</enhanced_key_usage_mandatory> </options> <connections> <connection> <name>ERP_VPN</name> <single_user_mode>0</single_user_mode> <!--when single_user_mode=1 the tunnel cannot be connected if more than one user is logged on the computer--> <type>manual</type> <ui> <show_passcode>0</show_passcode> <show_remember_password>0</show_remember_password> <show_alwaysup>0</show_alwaysup> <show_autoconnect>0</show_autoconnect> <save_username>0</save_username> </ui> <ike_settings> <implied_SPDO>0</implied_SPDO> <implied_SPDO_timeout>0</implied_SPDO_timeout> <prompt_certificate>0</prompt_certificate> <server>vpn.powergrid.in</server> <authentication_method>Preshared Key</authentication_method> <auth_data> <preshared_key>Enc 50501c014e18cf6740a93276539e5dca0e46171eb42a69af2291cb1dba258a96</preshared_key> </auth_data> <mode>aggressive</mode> <dhgroup>5;</dhgroup> <key_life>86400</key_life> <localid>3</localid> <peerid /> <nat_traversal>1</nat_traversal> <mode_config>1</mode_config> <enable_local_lan>0</enable_local_lan> <nat_alive_freq>5</nat_alive_freq> <dpd>0</dpd> <dpd_retry_count>3</dpd_retry_count> <dpd_retry_interval>5</dpd_retry_interval> <enable_ike_fragmentation>0</enable_ike_fragmentation> <xauth> <enabled>1</enabled> <prompt_username>1</prompt_username> <username>Enc 5c92945ce4123cadaa3c78d6b7f0a03e1b83d006b14ddbd0</username> <password /> </xauth> <proposals> <proposal>AES128|SHA1</proposal> <proposal>AES256|SHA256</proposal> </proposals> </ike_settings> <ipsec_settings> <remote_networks> <network> <addr>0.0.0.0</addr> <mask>0.0.0.0</mask> </network> <network> <addr>::/0</addr> <mask>::/0</mask> </network> </remote_networks> <dhgroup>5</dhgroup> <key_life_type>seconds</key_life_type> <key_life_seconds>43200</key_life_seconds> <key_life_Kbytes>5120</key_life_Kbytes> <replay_detection>1</replay_detection> <pfs>1</pfs> <use_vip>1</use_vip> <virtualip> <type>modeconfig</type> <ip>0.0.0.0</ip> <mask>0.0.0.0</mask> 
<dnsserver>0.0.0.0</dnsserver> <winserver>0.0.0.0</winserver> </virtualip> <proposals> <proposal>AES128|SHA1</proposal> <proposal>AES256|SHA1</proposal> </proposals> </ipsec_settings> <on_connect> <script> <os>windows</os> <script> <!--Write MS DOS batch script inside the CDATA tag below.--> <!--One line per command, just like a regular batch script file.--> <!--The script will be executed in the context of the user that connected the tunnel.--> <!--Wherever you write #username# in your script, it will be automatically substituted with the xauth username of the user that connected the tunnel.--> <!--Wherever you write #password# in your script, it will be automatically substituted with the xauth password of the user that connected the tunnel.--> <!--Remember to check your xml file before deploying to ensure that carriage returns/line feeds are present.--> <![CDATA[]]> </script> </script> </on_connect> <on_disconnect> <script> <os>windows</os> <script> <!--Write MS DOS batch script inside the CDATA tag below.--> <!--One line per command, just like a regular batch script file.--> <!--The script will be executed in the context of the user that connected the tunnel.--> <!--Wherever you write #username# in your script, it will be automatically substituted with the xauth username of the user that connected the tunnel.--> <!--Wherever you write #password# in your script, it will be automatically substituted with the xauth password of the user that connected the tunnel.--> <!--Remember to check your xml file before deploying to ensure that carriage returns/line feeds are present.--> <![CDATA[]]> </script> </script> </on_disconnect> </connection> </connections> </ipsecvpn> </vpn> <vulnerability_scan> <enabled>1</enabled> <scan_on_registration>0</scan_on_registration> <scan_on_signature_update>1</scan_on_signature_update> <windows_update>1</windows_update> <auto_patch></auto_patch> <scheduled_scans></scheduled_scans> </vulnerability_scan> </forticlient_configuration>
If someone can help I will be very thankful. I have tried everything and failed.
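One way to compare the two posted configurations setting by setting, added here as an example and not part of the original post. The XML strings are hand-trimmed excerpts of the two ERP_VPN connection blocks above (credentials, UI and script elements left out), and `flatten` and `diff_settings` are names made up for this example.

```python
import xml.etree.ElementTree as ET

# Hand-trimmed excerpts of the two <connection> blocks from the post.
MAC_CONN = """<connection><name>ERP_VPN</name>
<ike_settings><mode>aggressive</mode><dhgroup>5</dhgroup><key_life>86400</key_life>
<nat_traversal>1</nat_traversal><dpd>0</dpd>
<proposals><proposal>AES128|SHA1</proposal><proposal>AES256|SHA256</proposal></proposals>
</ike_settings>
<ipsec_settings><dhgroup>5</dhgroup><key_life_seconds>43200</key_life_seconds>
<pfs>1</pfs><proposals></proposals></ipsec_settings></connection>"""

WIN_CONN = """<connection><name>ERP_VPN</name>
<ike_settings><mode>aggressive</mode><dhgroup>5;</dhgroup><key_life>86400</key_life>
<nat_traversal>1</nat_traversal><nat_alive_freq>5</nat_alive_freq><dpd>0</dpd>
<dpd_retry_count>3</dpd_retry_count><dpd_retry_interval>5</dpd_retry_interval>
<proposals><proposal>AES128|SHA1</proposal><proposal>AES256|SHA256</proposal></proposals>
</ike_settings>
<ipsec_settings><dhgroup>5</dhgroup><key_life_seconds>43200</key_life_seconds>
<key_life_Kbytes>5120</key_life_Kbytes><replay_detection>1</replay_detection><pfs>1</pfs>
<proposals><proposal>AES128|SHA1</proposal><proposal>AES256|SHA1</proposal></proposals>
</ipsec_settings></connection>"""


def flatten(xml_text):
    """Map each leaf element path to the list of its text values, in document order.
    An empty leaf element maps to an empty list."""
    settings = {}

    def walk(node, path):
        children = list(node)
        if not children:
            values = settings.setdefault(path, [])
            text = (node.text or "").strip()
            if text:
                values.append(text)
            return
        for child in children:
            walk(child, f"{path}/{child.tag}")

    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return settings


def diff_settings(left_xml, right_xml):
    """Return {path: (left_values, right_values)} for every setting that differs.
    None means the element is absent on that side."""
    left, right = flatten(left_xml), flatten(right_xml)
    return {
        path: (left.get(path), right.get(path))
        for path in sorted(set(left) | set(right))
        if left.get(path) != right.get(path)
    }


if __name__ == "__main__":
    for path, (mac, win) in diff_settings(MAC_CONN, WIN_CONN).items():
        print(f"{path}\n    mac:     {mac}\n    windows: {win}")
```

The output lists only the elements whose values differ or that exist on one side only; it does not say which difference, if any, is behind the disconnects.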
Do you manage the FortiClients using EMS?
You could also try using the native IPSec VPN client on the Mac as it supports FortiGates.
I have the same problem after upgrading FortiClient from 5.4.3 to 5.6.6 using SSL VPN.
Works on 5.4.3, doesn't work on 5.6.6. And it's the FortiClient who disconnects the user ungracefully. After 5 minutes (which is my idle timeout setting on the FW) plus about 12-ish seconds, which is the time the client manages to stay connected to the VPN, I get an idle timeout in my firewall log. Tried uninstalling and then reinstalling the 5.6.6 MSI, but with same results.
Strangely, if I use the FortiClientSetup_5.6.6.1167.exe version, it seems to work though. Not sure why this is the case. The simple solution would be to distribute the .exe of course, but the guy who handles our SCCM for file distribution wants to use the MSI version.
Anyway, still searching for an answer to what the actual problem is.
Hi guys.
I have experienced this problem with a Dell laptop on Win10. It is on the notorious Intel 3165 wireless adapter (which I have updated to the latest version).
On FortiClient 6.0.2 it stays connected for approx. 25 sec. and then drops.
I have installed FortiClient 5.4.1 (which I currently use) and the connection drops after 2-2:30 min.
I am not able to ping the destination hosts, while on any other computer it works.
(We are using SSLVPN)
Client computer is on a home network, no restrictions with regards to Internet access.
Windows firewall on or off doesn't make a difference.
I am stuck.
Any suggestions please?
Thanks.
Do you experience the same drops using a wired connection?
Hi Steve.
I will check that and advise.
Thanks