Hello everyone!
We have a big problem with FortiClient for our users.
Some people experience random disconnects and performance hickups. We have looked into every variable, but have not found anything specific.
Some people have had no issues whatsoever.
Some people experience a disconnect after hours of constant use, their internet connection meanwhile being rock solid.
Some people have poor performance with the FortiClient on one device, but not on another, while other people have no problems on those allegedly problematic devices.
For some it's a mixed bag of all of the above, which case they experience being a gamble.
We know from the support team that if the VPN traffic passes a Deutsche Telekom Backbone, it may have some trouble. It is not our main internet connection, since some people can work just fine with FortiClient. It is not the WAN connection of the User, since the ones affected the most are testing the stability of it concurrently and it is rock solid. We have tried DSL, cable, fiber, LTE, 5G, even Starlink for the users and it just doesn't want to work reliably for us.
Does anyone have any idea what may be causing such performance problems for us?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @Aktuare,
What are the version of FortiGate and FortiClient? When did this issue start? Are you using SSLVPN or IPsec VPN? Split tunnel or full tunnel? You can collect FortiClient debug logs and check why it got disconnected: https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-enable-debug-log-in-FortiClient/t...
Regards,
Created on 02-05-2024 07:22 AM Edited on 02-05-2024 07:26 AM
Hi @hbac ,
While my colleagues are looking up the other things for me, I can at least provide some more information.
We have a FortiGate 100F on v7.2.6
The VPNs for the users are all SSL VPNs with split tunneling via the free FortiClient on version 7.2.3.0929
AFAIK, the problem could have existed since we have acquired the FortiGate over eight months ago. It just has not been as noticeable because we have very slowly started rolling it out. Many users had not tried the SSL VPN and instead used the old OpenVPN on accident, so pinpointing if it has started at a certain time is hard.
Regards,
Hi, @Aktuare
We have the same issue... We are replacing cisco anyconnect to FortiClient. Anyconnect is be able autoreconnect and user even does not notice it. FortiClient each time require login and MFA which is very annoing.
@Aktuare did you try to enable DTLS?
For us DTLS does not resolve the stability problem, even worsed.
Hi @KK_PRL
We have tried DTLS, but it does not help with the users that experience any sort of problems with the FortiClient itself :\
We have gone as far as to check the internet connections of the affected users and try alternatives, but no luck so far.
I'm also running into an issue with this as well, it was never really a problem until we implemented MFA a few weeks ago, as it stands, i've increased the idle timeout for users to 30 minutes to see if that helps
We use FC cloud ems with registered devices on version 7.2.4
For MFA users auth to a MS NPS radius server
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1709 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.