sribiere
New Contributor

[SOLVED] Credential or ssl vpn configuration is wrong (-7200)

Hello, 

 

I use FortiClient 6.4 and I am trying to connect to my customer's network through an SSLVPN.

 

But when I try to establish connection, I get "Credential or ssl vpn configuration is wrong (-7200)"

 

I can guarantee I have the correct credentials:

- If I go to the web portal, authentication is OK (but it's not usable for tunneling since my customer enforces the usage of FortiClient)

- If I use it with the same credentials on another computer, all goes OK

 

The only thing is, I have to use it on my EC2 instance for some reasons

 

Here are the logs from FortiClient (with some unneeded information replaced by 'X's):

 

03/03/2021 19:44:24 error sslvpn date=2021-03-03 time=19:44:23 logver=1 id=96603 type=securityevent subtype=sslvpn eventtype=error level=error uid=759C8992AA59472092B77212ADC83DE3 devid=FCT8000490583038 hostname=IP-0A8F0277 pcdomain=N/A deviceip=10.143.2.119 devicemac=XX-XX-XX-XX-XX-de site=N/A fctver=6.4.3.1608 fgtserial=FCT8000490583038 emsserial=N/A os="Microsoft Windows Server 2016 Datacenter Edition, 64-bit (build 17763)" user=Administrator msg="SSLVPN tunnel connection failed" vpnstate= vpntunnel=XXXXX vpnuser=XXXXXXXXXXXX remotegw=XXX.XXX.XXX.XXX

 

On the router side, the error is seen as a "bad password" error

 

I suspect something on the network interface configuration, but I have to admit I have exhausted all my ideas.

Does anyone have an idea?

emnoc
Esteemed Contributor III

Can you get "diag debug application sslvpn " from the FortiGate? Also, how are you authenticating the user?

- radius
- local
- + PKI certificate
- etc.

 

If you're doing a 3rd party off appliance authenticator, test with a local-user 1st, and if that works then you can pinpoint the issue(s).

 

I would check to ensure proper group membership, and that the account is not locked out. If you find the issue, report back here so others will know what the issue is.

 

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

sribiere
New Contributor

Hello, 

 

Thank you for the answer

Unfortunately, I have no clue about how the Fortinet router works (it's in my customer's infrastructure).

I only have the client side

 

 

sribiere

Finally found the answer

 

https://forum.fortinet.com/tm.aspx?m=145662

 

Thank you for your time guys

 

mbirtwistle

Just spent too long on debugging this for a colleague when the solution was simply that the username is Case.Sensitive when using an LDAP server (e.g. Synology) - ensure what you are entering or have got saved in the VPN configuration has the user name casing matching exactly how it is set up in LDAP.

LucianoCastillo
New Contributor II

I faced a similar issue, but the solution was related to a security group. Our system administrator created a security group, and anyone inside that group was unable to connect to the VPN.

 

We just remove it from that group.

 
