Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

SSL VPN troubleshooting

Hi,

how could I troubleshoot unsuccessful SSL VPN connections to Fortigate, I have a client that send me screenshot with error "Unable to logon to the server. Your username or password may not be configured properly for this connection. (-12)"

How could I dig into this issue, other users connecting without problem so config is right, we use windows NPS as authentication for users. I checked this user domain account and is enabled and active.

I found a command:

diagnose debug application sslvpn -1
diagnose debug enable

but this is rather for live monitoring, how could I find a reason for this unsuccessful SSL VPN connection from two days ago. On Fortianalyzer in SSL & Dialup Ipsec I see only successful connections. 

1 REPLY 1
akristof
Staff
Staff

Hello,

 

Thank you for your question. From logs, you can only check if the username was used for authentication and if the authentication was ok or not. Other than this, live debug is only option to see what is wrong. With sslvpn use also fnbamd (process for authentication).

diag debug app sslvpn -1

diag debug app fnbamd -1

diag debug console time en

diag debug enable


And then user needs to try connect and if he will get error, you should be able to trace based on this public IP address and username used for authentication.

Adrian
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors