Thank you for posting to the Fortinet Community Forum.
As per your problem description, I can understand that you are facing an issue while connecting to SSL VPN and it is getting stuck at 40%.
As you have asked "Does the WAN config with the VLAN approach that I've set up support what I'm trying to do": Yes, we can configure the ISP link in the VLAN and call the same VLAN interface in the SSL VPN settings as the server interface.
You have got the following error "This may be caused by a mismatch in the TLS version. .... (-5029)"
Please share the below output.
SSH1:-
diag debug reset
diagnose debug console timestamp en
diagnose vpn ssl debug-filter src-addr4 x.x.x.x
(Here x.x.x.x is the public IP of the user connecting.)
diag debug appl sslvpn -1
diag debug appl fn -1
diag debug enable
Wait till the VPN disconnects, then disable the logs by executing:
diag debug disable
diag debug reset
SSH2:-
config vpn ssl settings
get
Cross verified the following settings once as you have mentioned "The Win 10 PC this is running on has TLS 1.1, 1.2 and 1.3 running."
Thanks. In seeing through the above direction I found the following:
SSL VPN App - I still can't get the VPN app from the Windows store to work. Is this expected to work? I use ?ice=1 at the end of the URL to ignore certificate issues, and use the custom port assigned.
SSL VPN FortiClient VPN only - Yay, I got this working. Turns out the custom SSL port being used was not persisting when updated in the 'custom port' field, only when entered within the Remote Gateway URL field. Seems I'd missed this with all the other 'noise' going on.
SSL VPN Web - Still fails when trying to use RDT. Not too concerned here as I don't intend using this service.
Please answer point 1 above, otherwise thanks for your support and I'm good to go now.