Hello,
a short time ago I changed to NAT mode and now I want to connect with SSL VPN from everywhere to my Network.
I configured everything and entered the CORRECT username and password in the VPN client on my notebook. I also addet my vpn user to a group which hast full SSL VPN Access. But everytime I connect it says: Can´t login username or password might be wrong (-12)
Has anyone a idea why this isn´t working?
Solved! Go to Solution.
So you have not able to connect on default 10443 port. What alternate port are you using. If you have changed port in Portal, you need to change port in SSL-VPN client as well.
If it is a port issue then Portal should not open at all. Authentication should not be an issue with VPN Portal Port.
Ahead of the Threat. FCNSA v5 / FCNSP v5
Fortigate 1000C / 1000D / 1500D
Hello,
Did you assign your group to the policy?
Thanks,
I added my vpnuser Group to my VPN Policy and did everything like I saw in in different videos and docs. But it wont connect. At 80% there is this -12 error.
Hello,
Try via your portal : https://yourip:10443
Then check the logs, maybe they'll help you and show you where the problem is.
Firstly are you using a local user database or a remote Server as Active Directory (LDAP) ?
In case of local user , please confirm the local user is not disabled.
please confirm the FortiOS version with a snapshot of the policy.
Ahead of the Threat. FCNSA v5 / FCNSP v5
Fortigate 1000C / 1000D / 1500D
Suggestion:
Instead of guessing, why don't you use the diagnostics
diag debug reset
diag debug en
diag debug app sslvpn -1
It will probably show exactly what the problem(s)
PCNSE
NSE
StrongSwan
Ok guys, thanks for your answers.
I changed the HTTPS port to another port and now I can connect to the web interface (portal) of the SSL connection.
At the portal I can click connect in the section tunnel mode. Then the forticlient automatically connects to my VPN an i can Access the Internet over it. If I do the same when I´m not logged in in the portal (only in in the fortclient) then it says again wrong username / password (-12) so I think my policy is correct. But why can´t I login to the VPN with the FortiCLient ony?
So you have not able to connect on default 10443 port. What alternate port are you using. If you have changed port in Portal, you need to change port in SSL-VPN client as well.
If it is a port issue then Portal should not open at all. Authentication should not be an issue with VPN Portal Port.
Ahead of the Threat. FCNSA v5 / FCNSP v5
Fortigate 1000C / 1000D / 1500D
Yeah your last sentence was my answer!
I used the SSL port in the Forticlient. Now I tried the Portal port and it finally works!
Thanks a lot
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.