Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Michal
New Contributor

VPN SSL Warning

Hello Everyone, I have a problem with my ssl vpn. For 3 weeks (earlier work normally) my ssl vpn stuck at 10%, and I have a warning: " Unable to establish the VPN connection. The VPN server may be unreachable" After restart the Fortigate, the vpn is working properly. Do you have any idea where is the problem? Where I need to look?
5 REPLIES 5
Istvan_Takacs_FTNT

Enable debug level logging on the Forticlient (if you use tunnel-mode) in File -> Settings -> Logging I think and the same on the Fortigate: # diagnose debug application sslvpn -1 # diagnose debug enable than start a new session and when it gets stuck, look at both logs. If you don' t use tunnel-mode then check the Windows Application and System Event logs instead. Don' t forget to disable debug-level logging on both after you finished. # diagnose debug disable # diagnose debug reset
dasilva13
New Contributor

Which model do you have? We have smaller models (60/80) and encounter this issue a lot. The unit has to be rebooted in order for VPN to work.
Michal
New Contributor

I have a Fortigate 60D. The logs on Fortigate don' t show anything. What can I do next to fix this issue? Please help me.
Christopher_McMullan

Istvan had provided the commands on Monday: Enable debug level logging on the Forticlient (if you use tunnel-mode) in File -> Settings -> Logging I think and the same on the Fortigate: # diagnose debug application sslvpn -1 # diagnose debug enable than start a new session and when it gets stuck, look at both logs. If you don' t use tunnel-mode then check the Windows Application and System Event logs instead. Don' t forget to disable debug-level logging on both after you finished. # diagnose debug disable # diagnose debug reset Maybe show the process you used in the command line to enable these diagnostics, and the fact that the output remained blank for the duration of you test. Otherwise, if either the client or FortiGate provided *some* output, even if it wasn' t immediately relevant, post it here so everyone can have a look. Fuzz any confidential details as need be, of course.

Regards, Chris McMullan Fortinet Ottawa

rickards
New Contributor

What version are you running ? I have noticed that it sometimes help to change sslvpn port to something else and the back. Think it restarts the sslvpn daemon.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors