Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Problem: VPN connection fails every 5 minute

Hi all, some months ago the company for which I work switched from cisco to fortinet to manage its VPN. Currently I' m using forticlient and I' m able to connect to the fortinet VPN with the login parameters that they gave me but I have an issue. The VPN connection fails every about 5 minutes and I' ve to re-do the login every time. This cause me many slowing down during the work. Any idea of what can cause/how to solve this problem? I' m not very practical of VPN so sorry if in my question I missing some important detail. If is needed please ask for any configuration parameter that can cause the problem. Thanks in advance.
Contributor III

Hi you can probably understand that your question is not easy to answer but from this what you are writing I would do following: - Based on the version of the client 5.0.7 (FortiClient) I would say you are using Client2Site VPN based on IPSec. - Look that you are using on the FortiGate latest release meaning 5.0.6 - How your connection was created? If it was created by using phase-1 and after phase-2 delete the IPSec connection and do it again by using the Client Wizard for FortiClient (do not forgett to deactive the registration for the FortiClient in the Wizard) - If you are using FortiClient look that you use VPN only mode with FortiClient. This means if you downloaded the client from your client has AV, IPS, WebFilter etc. this is probably not the way you would like to go. You can download the VPN only client on the WebGui under Dashbaord > System Information > FortiClient (look at the small icons for Windows and MAC). This client is coming from the Cloud and not available on the • FortiClientOnlineInstaller_5.0.7.0333: Minimal installer for 32-bit and 64-bit Windows. This file downloads and installs the latest FortiClient file from the public FDS. At least you can also debug the stuff with following command: diagnose debug reset diagnose debug application ike -1 diagnose debug info diagnose debug enable look what error comes up if the client disconnects! By the way " debug" is your friend look at following comand because everything can be debug on FGT: diagnose debug application ? All this application can be looked to with the debug command. Also if within the connection internal something is not correct working look to the sniffer command....absolutly creat: diagnose sniffer packet <interface_name> <‘filter’> <verbose> <count> Examples <‘filter’>: Not Port 443 = ' !port 443' Port 443 = ' port 443' Host = ' host' Host and Host = ' host and host' Host and Port 443 = ' host and port 443' Host and not Port 443 = ' host and !port 443' Host or Port 443 = ' host or port 443' Nur udp Traffic = ' udp' Nur SYN Flag = ' tcp[13]&2==2' Nur ARP Packete = ' arp' <verbose> Definiert den Level der " Verbosity" : 1 - shows the header of packet 2 - shows the header and data of ip packet 3 - shows the header and data of Ethernet packets (Frames ACSII and HEX) 4 - showns header and interface of packets <count> gives the number of packet to be shown This all gives you probably a way to begin. hope this helps have fun Andrea
Top Kudoed Authors