I have googled as to why this can occur.
My configuration is all correct and I never restrict any hosts.
I am using the free FortiClient though.
Why can't I go in?
What are the commands to troubleshoot?
You can run the following debugs on the FortiGate and try to connect:
# diagnose deb res
# diagnose debug application fnbamd 255
# diagnose debug application sslvpn -1
# diagnose debug console timestamp enable
# diagnose debug enable
Run 'di deb dis' to disable the debug.
Please verify your SSL VPN configuration to see whether the "Host Check" option is enabled.
See the following KB article for more details:
Thank you for reaching the Fortinet support forum.
Please confirm whether you had time to verify the commands and try connecting to the SSL VPN.
-Can you please confirm the below information as well:
1. What is the free version of FortiClient and also the FortiGate firmware version?
2. Are you using local user authentication or else LDAP/RADIUS/FSSO/SAML to connect to the SSL VPN?
3. At what percentage does the error come up?
4. How many users are affected by this issue?
Debugs you can use:
# diag deb reset
# diag deb console timestamp enable
# diag vpn ssl debug-filter src-addr4 x.x.x.x (where x.x.x.x is the public IP address of the user from where the VPN is initiated)
# diag debug app sslvpn -1
# diag debug app fnbamd -1
# diag deb en
diag de disable (to stop debugs)
This article can help further:
Troubleshooting Tip: SSL VPN Troubleshooting - Fortinet Community
7.0.9.0493 for the FortiClient VPN. v7.0.18 build 0450 for FW.
I am using local authentication.
It comes up at 80%
This is a new setup and I am currently testing with 1 user - myself.
I can ping the WAN interface. However, no logs are appearing after issuing the debug commands. It doesn't even hit the FW rules. I have no idea what the issue is.
Hi Business User,
It seems to be an issue with the FortiClient version. As you are running the free FortiClient version, check with FortiClient version 6.0.
Refer to the article below:
Downgrading the forticlient works.
But shouldn't a later version be better than the old one?
Thank you for the update,
-For testing purposes, can you try enabling web mode and verify if you can log in to the firewall, so that we can at least verify whether it is a FortiClient issue or a firewall issue?
-If you are able to log in from web mode, then we can try changing the FortiClient version.
-If the error comes at 80%, then authentication is reaching the firewall but there might be an issue with the firewall policy; we can check further.
Troubleshooting Tip: Possible reasons for FortiCli... - Fortinet Community