Hello,
I use Forticlient 6.4 and I am trying to connect to My customer's network through a SSLVPN
But when I try to establish connection, I get "Credential or ssl vpn configuration is wrong (-7200)"
I can guarantee I have the correct credentials :
- If I go to the web portal, Authentication is OK (but it's not usable for tunneling since my customer enforces the usage of Forticlient)
- If I use it with the same credentials on another computer, all goes OK
The only thing is, I have to use it on my EC2 instance for some reasons
Here are the logs got fom forticlient (with some useless informations replaced by 'Xs')
03/03/2021 19:44:24 error sslvpn date=2021-03-03 time=19:44:23 logver=1 id=96603 type=securityevent subtype=sslvpn eventtype=error level=error uid=759C8992AA59472092B77212ADC83DE3 devid=FCT8000490583038 hostname=IP-0A8F0277 pcdomain=N/A deviceip=10.143.2.119 devicemac=XX-XX-XX-XX-XX-de site=N/A fctver=6.4.3.1608 fgtserial=FCT8000490583038 emsserial=N/A os="Microsoft Windows Server 2016 Datacenter Edition, 64-bit (build 17763)" user=Administrator msg="SSLVPN tunnel connection failed" vpnstate= vpntunnel=XXXXX vpnuser=XXXXXXXXXXXX remotegw=XXX.XXX.XXX.XXX
On the router side, the error is seen as a "bad password" error
I suspect something on the network interface configuration, but I have to admit I have exhausted all my ideas.
Does anyone has an idea?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Can you get "diag debug application sslvpn " from the fortigate? Also how are you authenticating the user
radius
local
+ PKI certificate
etc....
If you're doing a 3rd party off appliance authenticator, test with a local-user 1st, and if that works then you can pinpoint the issue(s).
I would check to ensure proper group membership, and that the account is not locked out. If you find the issue, report back here so others will know what the issue are.
Ken Felix
PCNSE
NSE
StrongSwan
Hello,
Thank you for the answer
Unfortunately, I have no clues about how the Fortinet router works (It's in My customer's infrastructure)
I only have the client side
Just spent too long on debugging this for a colleague when the solution was simply that the username is Case.Sensitive when using an LDAP server (e.g. Synology) - ensure what you are entering or have got saved in the vpn configuration has the user name casing matching exactly how it is setup in LDAP
I faced a similar issue, but the solution was related to a security group. Our system administrator created a security group, and anyone inside that group was unable to connect to the VPN.
We just remove it from that group.
Credential or ssl vpn configuration is wrong (-7200) 48%
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.