Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- SSLVPN is not establishing through the primary ISP...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSLVPN is not establishing through the primary ISP via FortiClient.
Dear Concern,
In the FortiClient application, I have defined 2 remote gateways, but the connection is not being established with the first one, only with the second one. This happens only when I manually replace the first remote gateway with the second one in FortiClient. It used to work with both, but now it suddenly stopped working with the first one for an unknown reason. When I try to connect to the first one, it stays at 0% and doesn't give any error. As soon as I set the second remote gateway as the first one, it connects immediately.
Both WAN IPs are responding to ping. In the FortiGate Firewall VPN settings, both WAN interfaces are selected in the listen interface. So, how should I troubleshoot to find out what the issue is and how can I resolve it?
Can anyone help me to resolve the issue
Labels:
- Labels:
-
FortiGate
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Mirza_Asad2723 ,
can you please collect following debugs as per this article:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542 and update the thread.
Or have you tried with different FortiClient version?
DNB
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear @dbhavsar ,
No, I haven't tried it on a different version of FortiClient. Further let me debug according to your shared link and then will update
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After enabling debug mode, when I connect using FortiClient, no data is received from the first remote gateway and the FortiClient status stays on 0%. However, when I replace the first remote gateway with the second remote gateway in the FortiClient application, data starts coming in.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Mirza_Asad2723,
No data means traffic is not reaching the FortiGate. It should at least fails at 10%. If it is 0%, I think the issue is on the FortiClient side. Please try deleting and recreating the VPN connection on FortiClient. If it doesn't help, please try a different FortiClient version.
Regards,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Currently my FortiClient version is 7.2.4.0972. According to you, let me try after recreating the VPN connection.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After recreating the VPN connection, the same issue is occurring. As soon as I click the connect button, it first goes to 10%, then drops to 0%, and stays stuck at 0%.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Please run the following command to capture traffic on Firewall while testing using the First Gateway
Verify that Firewall is receiving the traffic from user for the First Gateway
diagnose sniffer packet any 'host X.X.X.X' 6 0 l [Use user public IP address]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When I run this command and enter the IP of the first remote gateway on the host, and then connect using FortiClient after running the command, I get this response.
1 packets received by filter
0 packets dropped by kernel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Mirza_Asad2723 ,
Can you verify if both the ISP routes (WAN )are active on the FortiGate
# get router info routing-table database
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Forticlient SSL VPN get connected without... 508 Views
- VPNSSL Split tunneling using internet services 295 Views
- Forti Client SSL problem (dpkg: 7.2.3.0790,... 336 Views
- What FortiOS Event Logs should i... 1101 Views
- Snapdragon ARM Won't Pass Traffic 1147 Views
Labels
-
FortiGate
8,255 -
FortiClient
1,668 -
5.2
801 -
FortiManager
692 -
5.4
639 -
FortiAnalyzer
526 -
FortiSwitch
445 -
FortiAP
439 -
6.0
416 -
FortiClient EMS
382 -
5.6
362 -
FortiMail
306 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
197 -
5.0
196 -
FortiWeb
193 -
FortiNAC
168 -
IPsec
166 -
FortiGuard
131 -
6.4
128 -
SD-WAN
101 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
95 -
FortiToken
88 -
FortiAuthenticator
77 -
Customer Service
75 -
Wireless Controller
75 -
Firewall policy
67 -
4.0MR3
64 -
FortiProxy
55 -
FortiADC
51 -
Fortivoice
50 -
FortiEDR
50 -
VLAN
46 -
High Availability
45 -
ZTNA
44 -
FortiExtender
43 -
FortiDNS
42 -
FortiSandbox
40 -
Routing
37 -
DNS
37 -
BGP
36 -
FortiGate v5.4
35 -
LDAP
35 -
FortiSwitch v6.4
33 -
SAML
32 -
Interface
31 -
Certificate
31 -
SSO
29 -
FortiConnect
28 -
Authentication
28 -
NAT
28 -
RADIUS
26 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
24 -
FortiGate v5.2
23 -
Application control
22 -
Virtual IP
22 -
Web profile
21 -
Logging
20 -
Fortigate Cloud
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
FortiMonitor
18 -
FortiPAM
18 -
Traffic shaping
17 -
SSL SSH inspection
16 -
FortiDDoS
15 -
FortiGate v5.0
14 -
OSPF
14 -
IP address management - IPAM
14 -
FortiCASB
12 -
SNMP
12 -
SSID
12 -
Admin
12 -
Static route
12 -
WAN optimization
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiSOAR
11 -
Automation
11 -
System settings
11 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiManager v4.0
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiBridge
8 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
Traffic shaping policy
7 -
Fabric connector
7 -
Intrusion prevention
7 -
FortiDeceptor
6 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Traffic shaping profile
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Email filter profile
4 -
Netflow
4 -
Replacement messages
4 -
Web rating
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
API
2 -
FortiNDR
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
SDN connector
2 -
Service
2 -
Zone
2 -
Cloud Management Security
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1603 | |
| 1048 | |
| 749 | |
| 443 | |
| 210 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.