We're having trouble with people disconnecting or not being able to connect when using LTE/5G network(Canada's Bell Network). User's hot-spot's via their iPhones and are able to navigate the web but have trouble establishing SSL VPN connection and have issues staying connected.
We have the following versions:
Fortigate:7.2.7
FortiEMS:7.2.4
FortiClient: 7.2.4
We tried DTLS on and off - no material difference. Maybe the initial connection was easier to establish but nothing life changing.
Auto-reconnect is enabled on Fortigate side but does not really help us in this situation.
Are there anyone who had luck sustaining this type of connection over SSL VPN and are there any particular config anyone has success with?
What errors do you see on the FortiClient logs? What errors do you see on the FortiGate logs? Windows? Mac? Linux?
Does Bell use CG-NAT?
Bell does seemingly use CG-NAT.
FGT side we just see that the user has requested termination of service
FortiClient logs show: connection was terminated when no bytes received form other end fro almost 2 minutes
Is there a plan you can switch to that doesn't use CG-NAT? Not sure about Canada but in the US, there are business plans that do not use CG-NAT.
We'll look at if there is something like that available to us.
For my understanding, why are you suggesting getting off CG-NAT could make our connections better?
Multiple users connecting to the FortiGate from potentially the same egress IP. In theory it shouldn't cause any issues but depends on how the CGNAT is deployed.
Thanks, we'll look into it.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1749 | |
1114 | |
766 | |
447 | |
241 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.