c-j
New Contributor II

SSL VPN and remote file server access

We have a user who is on a different domain, and we are trying to give them access to a file server on our domain. I had tried SSL VPN through the web, but read somewhere that if we wanted to map drives we would need to use FortiClient.

The user was able to connect to SSL VPN through the web, and they could ping the IP of the file server, but not the DNS name. If he tried to map a drive, he would get an error saying "An error occurred while connecting Z: to 'share path'. The network path was not found."

 

I installed FortiClient SSL VPN and configured it as well. But when users tried to log in, they get an error message: "failed to establish the VPN connection. This may be caused by a mismatch in the TLS versions. Please check the TLS version settings in the Advanced of the internet options. (-5029)"

The FortiGate is running version 7.2.x and has max TLS set at tls1-3. And the user's computer, which is the one trying to connect to the VPN, is also running 1.3 and down to 1.2. Unable to test file mapping until this piece can be addressed.

 

Any ideas as to what to check?

Thank you

1 Solution
kvimaladevi
Staff

Hi c-j,

 

I understand that you are unable to access the files from the server which is in your domain through ssl vpn webmode or tunnel mode. 

When you access webmode, Fortigate acts as a proxy server. If you are using an internal DNS server, please make sure it is added as one of the DNS servers in the Fortiguard DNS.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-Mode-SSL-VPN-unable-to-resolve-Interna...

As far as the Tunnel mode is concerned, where you get an error "failed to establish the VPN connection" with error code (-5029), it is usually because of the TLS version mismatch only.

Could you help us with the output of the below

config vpn ssl settings
sh full | grep tls

If both are having the correct settings and if you are still seeing the same error, please make sure the server certificate is set on the ssl vpn settings and that it is not empty.

 

Regards,

Vimala


5 REPLIES 5
c-j
New Contributor II

How do I change the label from FortiAuthenticator to FortiClient and FortiGate?

 

c-j
New Contributor II

Hi Vimala:

Output from sh full | grep tls:

 

set ssl-max-proto-ver tls1-3
set ssl-min-proto-ver tls1-2

set dtls-hello-timeout 60
set dtls-tunnel enable
set dtls-max-proto-ver dtls1-2
set dtls-min-proto-ver dtls1-0

 

Thanks cj
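
Added example (not part of any post in this thread, and not Fortinet code): a small Python check that applies the two tests suggested above to pasted `config vpn ssl settings` output, namely whether the gateway's TLS window overlaps the client's enabled versions and whether `servercert` is set. The `servercert` line in the sample is constructed, since a `grep tls` filter would not show it, and the client version set is supplied by hand.

```python
# Constructed sample: the `set` lines posted in the thread, plus a
# servercert line that is an assumption added for illustration.
SAMPLE = '''
set servercert ""
set ssl-max-proto-ver tls1-3
set ssl-min-proto-ver tls1-2
set dtls-hello-timeout 60
set dtls-tunnel enable
set dtls-max-proto-ver dtls1-2
set dtls-min-proto-ver dtls1-0
'''

TLS_ORDER = ["tls1-0", "tls1-1", "tls1-2", "tls1-3"]


def parse_settings(text):
    """Return {key: value} for every `set <key> <value>` line."""
    cfg = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "set":
            cfg[parts[1]] = parts[2].strip().strip('"')
    return cfg


def audit(text, client_versions):
    """List findings relevant to the -5029 error for the pasted settings."""
    cfg = parse_settings(text)
    findings = []
    lo, hi = cfg.get("ssl-min-proto-ver"), cfg.get("ssl-max-proto-ver")
    if lo in TLS_ORDER and hi in TLS_ORDER:
        window = TLS_ORDER[TLS_ORDER.index(lo):TLS_ORDER.index(hi) + 1]
        if not any(v in client_versions for v in window):
            findings.append(f"no shared TLS version: gateway {window}, "
                            f"client {sorted(client_versions)}")
    else:
        findings.append("ssl-min/max-proto-ver missing from output")
    # An empty or absent servercert is the second check named in the thread.
    if cfg.get("servercert", "") == "":
        findings.append("servercert is empty or not shown in this output")
    # DTLS 1.0 is a legacy protocol version; flag it when the tunnel is on.
    if cfg.get("dtls-tunnel") == "enable" and cfg.get("dtls-min-proto-ver") == "dtls1-0":
        findings.append("DTLS tunnel still accepts dtls1-0")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, {"tls1-2", "tls1-3"}):
        print("-", finding)
```

With the values posted in the thread the TLS windows overlap, so the version check reports nothing and the certificate check is the one that matters.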

Christian_89
Contributor III

Hello

Do you have web mode or tunnel mode active?

c-j
New Contributor II

I am using full access so both are active. thanks cj
