We are facing an issue with SSLVPN users' connectivity, for SSO authentication users
We are facing an issue with SSLVPN user connectivity for SSO authentication users.
- Labels: FortiClient, FortiGate
Hi @obulareddy,
Are you using a proxy? Try to check it.
Are you able to ping the URL/IP address (if allowed)?
Also please check the following resources, they might help:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542
Best regards,
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
Thanks for the reply. We are not using a proxy, and we are currently using the 7.2.7 firewall version. The FortiClient version we are using is 7.2.3. We checked with the lowest version, and I am able to connect.
Hi @obulareddy,
Can you make sure the 'Enable Single Sign On (SSO) for VPN Tunnel' option is selected on FortiClient? Are you using an IP address or FQDN for the Remote Gateway? You can collect SSLVPN debugs by following this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542
Regards,
Same issue here since yesterday, but only on 2 of 250 employees. So at the moment I have no clue what's behind this...
The debug for SSO authentication (SAML protocol) will be as follows:
diag debug console timestamp enable
diag debug app saml -1
diag debug app sslvpn -1
diag debug enable
If this is only for a very few users, it is quite possible that this is not related to the firewall but rather the user-related configuration. That can be the SAML-IdP you have or the FortiClient end station.
If one trusts the error message, you should check whether the client station can actually reach the FortiGate address, so from Windows client to FortiGate web interface. See with a packet capture what arrives as packets. The debug above should give you something - unless really no packet arrives.
Best regards,
Markus
