Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
obulareddy
New Contributor II

Created on ‎06-26-2024 11:40 PM

We are facing issue with SSLVPN users’ connectivity, for SSO authentication users

We are facing issue with SSLVPN user connectivity , fofr sso authentication users .

 

image (7).png

obul
obul
Labels:
167
0 Kudos
5 REPLIES 5
fricci_FTNT
Staff
Staff

Created on ‎06-27-2024 12:19 AM Edited on ‎06-27-2024 12:20 AM

Hi @obulareddy ,

 

Are you using a proxy? Try to check it.

Are you able to ping the URL/IP address (if allowed)?

 

Also please check the following resources, they might help:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Possible-reasons-for-FortiClient-SSL...

https://community.fortinet.com/t5/Support-Forum/FortiClient-VPN-codes-6005-5001-5002-6006/td-p/27959...

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542

 

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
143
obulareddy
New Contributor II

Created on ‎06-27-2024 12:31 AM

Thanks for the reply. We are not using the proxy, and we are currently using the 7.2.7 firewall version. Forticlint is that we are using 7.2.3. We are checked with the lowest version, and I am able to connect.

obul
obul
136
hbac
Staff
Staff

Created on ‎06-27-2024 08:46 AM

Hi @obulareddy,

 

Can you make sure 'Enable Single Sign On (SSO) for VPN Tunnel' option is selected on FortiClient? Are you using IP address or FQDN for Remote Gateway? You can collect SSLVPN debugs by following this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542

 

Regards, 

95
0 Kudos
Team-IT
New Contributor II

Created on ‎06-27-2024 11:19 AM

same issue here since yesterday, but only on 2 of 250 employees. So at the moment i have no clue what's behind this...

72
0 Kudos
Markus_M
Staff
Staff

Created on ‎06-27-2024 01:54 PM

The debug for SSO authentication (SAML protocol) will be as follows:

diag debug console timestamp enable
diag debug app saml -1
diag debug app sslvpn -1
diag debug enable

If this is only for a very few users, it is quite possible that this is not related to the firewall but rather the user-related configuration. That can be the SAML-IdP you have or the FortiClient end station.

If one trusts the error message, you should check whether the client station can actually reach the FortiGate address, so from Windows client to FortiGate web interface. See with a packet capture what arrives as packets. The debug above should give you something - unless really no packet arrives.

 

Best regards,

 

Markus

 

56
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.