Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kartofflarna
New Contributor

[SOLVED] SSL VPN not connecting to DNS hostname

So I am having this weird issue with the SSL VPN when connecting with the forticlient.
I can connect when specifying the external IP address to connect to, but when I specify the DNS name pointing to the same IP address I get the "Unable to logon to the server. Your user name or password may not be configured properly for this connection." message.

Basically, connecting to 123.456.789.123 port xxx works, but connecting to sslvpn.example.com port xxx does not.
When using diagnose debug I can see that the connections differ. They both start out with the certificate key exchange, which ends with "SSL state:SSL negotiation finished successfully".

After this, however, they start to differ. When connecting to the IP address (the one that works) I get the following: "SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384" followed by "req: /remote/fortisslvpn_xml" with "decode session id ok, user = [xxxxx]".
When connecting to the DNS name of the IP address I get the following: "SSL established: TLSv1.2 ECDHE-RSA-AES256-SHA384" followed by "req: /remote/login" with "no session id in auth info".
Where the connection to the IP address continues with setting up the tunnel, the DNS connection continues by stating "no session id in auth info".
Note that both cases work when connecting to the web portal, but not when using FortiClient. The firewall is configured to utilize the default self-signed server certificate.
Does anyone have any idea what can cause FortiClient to fail when using a DNS name to connect?

kartofflarna
New Contributor

So nobody has any idea why this happens?

kartofflarna
New Contributor

Problem is solved. Turns out FortiClient cannot handle connections to DNS records containing an "_". For example, A record = ssl_vpn.example.com data = 1.1.1.1 does not work, but A record = sslvpn.example.com data = 1.1.1.1 does.
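As a pre-deployment check of the kind this resolution suggests (an added example, not code from the poster or from Fortinet), the following Python validates a VPN gateway name against the RFC 1123 hostname label rules and flags underscores, which DNS record names tolerate but hostname-validating clients reject. The function and names are my own.

```python
import re
from typing import List

# RFC 1123 hostname label: letters, digits and hyphens, 1-63 characters,
# no leading or trailing hyphen. Underscore is deliberately absent.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def hostname_problems(name: str) -> List[str]:
    """Return the reasons `name` is not a valid RFC 1123 hostname.

    An empty list means the name should be accepted by clients that
    validate hostnames. DNS itself allows nearly any character in a record
    name (underscores are routine in SRV/TXT records), so a record can
    resolve and work in a browser yet still be rejected by a stricter
    client, which is the symptom described in this thread.
    """
    problems: List[str] = []
    stripped = name.rstrip(".")  # a single trailing dot marks an FQDN and is fine
    if not stripped:
        return ["empty hostname"]
    if len(stripped) > 253:
        problems.append("total length exceeds 253 characters")
    for label in stripped.split("."):
        if not label:
            problems.append("empty label (consecutive dots)")
        elif len(label) > 63:
            problems.append(f"label '{label}' exceeds 63 characters")
        elif "_" in label:
            problems.append(
                f"label '{label}' contains '_' (allowed in DNS, not in a hostname)"
            )
        elif not LABEL_RE.match(label):
            problems.append(
                f"label '{label}' has characters outside [A-Za-z0-9-] "
                "or a leading/trailing hyphen"
            )
    return problems


def is_valid_vpn_hostname(name: str) -> bool:
    """True when the name passes every hostname check above."""
    return not hostname_problems(name)


if __name__ == "__main__":
    # The two constructed names from the thread's resolution.
    for candidate in ("ssl_vpn.example.com", "sslvpn.example.com"):
        print(candidate, "->", hostname_problems(candidate) or "OK")
```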
