- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiAP
- FortiClient
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiExtender
- FortiEDR
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: cannot longer connect FortiClientVPN 7.2.2.01...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cannot longer connect FortiClientVPN 7.2.2.0116 Azure SAML MFA
Hello,
since updating iPhone iOS from the last version 16 to the current 17.0.1, connecting via FortiClientVPN is no longer possible. The Azure SAML authentication takes place, but it stops at "Connection".
FortiClient VPN 7.2.2.0116
Fortigate 7.2.5 build1517
Can anyone here report the same problem?
Labels:
- Labels:
-
FortiClient
61 REPLIES 61
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Problem finnaly solved by Miguel Cifuentes | TAC Engineer after adjusting :
config vpn ssl settings
set dtls-tunnel disable
end
But the question is: This will open any security issues?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @PBalochini,
No, dtls-tunnel uses UDP instead of TCP to improve performance. Disabling it will not pose any security risk.
Regards,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm having the same the issue. I have tried to disable DTLS on FortiGate side and the connection succeed.
Do you have the same behaviour ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Support125
This is the same behavior that we observed for users in this thread where iOS users with FortiClientVPN 7.2.2.0116 connecting to Azure SAML.
Cheers,
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I observed the same issue. By disabling DTLS on Fortigate side, VPN SSL connection (SAML Azure AD + conditional access) succeed.
Can you confirm that point on your side ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Support125
This is the same behavior that we observed for users in this thread where iOS users with FortiClientVPN 7.2.2.0116 connecting to Azure SAML. Do keep an eye if this has been fix in the future release where you will be able to reenable the DTLS on FortiGate once again.
Cheers,
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We got it working by disabling DTLS in the FortiGate settings.
Fortinet is working on an update that fixes the issue.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
Can someone with DTLS disabled confirm if VNC connections from iOS work?
We are having issues connecting VNC through the SSL tunnel.
We have observed that VNC works fine if we disable SAML and enable DTLS. But does not work with DTLS disabled. Using Forticlient EMS (workaround) with DTLS and SAML enabled VNC does not work.
I'm trying to confirm if this is related to the discussed issue.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @jhe
Your issue sounds different from this. If you are able to connect to SSLVPN, but failed to access VNC after getting connected, the symptoms are different. I'd suggest that you create a support ticket for our team member to further assist you on this.
Cheers,
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can confirm vnc works it's going to be something else
Related Posts
- FortiGate6.2 BGP filter 76 Views
- ADVPN with Multi-WAN Without SDWAN 28 Views
- after upgrade of 70F 61 Views
- FORTIMANAGER VM TRIAL 72 Views
- Connectivity Issue Between 2 Fortigate ?! 673 Views
Labels
-
FortiGate
6,980 -
FortiClient
1,369 -
5.2
801 -
5.4
639 -
FortiManager
607 -
FortiAnalyzer
440 -
6.0
416 -
FortiAP
364 -
5.6
362 -
FortiSwitch
361 -
FortiClient EMS
284 -
FortiMail
269 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
169 -
6.4
128 -
FortiNAC
123 -
FortiGuard
111 -
IPsec
102 -
FortiGateCloud
92 -
SSL-VPN
91 -
FortiSIEM
91 -
FortiCloud Products
86 -
FortiToken
76 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
SD-WAN
43 -
FortiEDR
42 -
Fortivoice
42 -
FortiDNS
37 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
FortiAuthenticator
29 -
High Availability
28 -
VLAN
27 -
FortiConnect
24 -
FortiWAN
23 -
ZTNA
21 -
DNS
21 -
FortiConverter
21 -
FortiGate v5.2
19 -
BGP
18 -
FortiPortal
18 -
Certificate
18 -
FortiSwitch v6.2
17 -
SAML
17 -
LDAP
17 -
VDOM
16 -
FortiMonitor
14 -
Authentication
14 -
FortiLink
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
RADIUS
11 -
NAT
11 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Fortigate Cloud
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Web profile
9 -
Application control
9 -
4.0MR2
9 -
FortiBridge
8 -
WAN optimization
8 -
FortiGate v4.0 MR3
8 -
IP address management - IPAM
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Traffic shaping policy
6 -
IPS signature
5 -
Proxy policy
5 -
Packet capture
5 -
FortiAP profile
5 -
Automation
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
Web rating
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1011 | |
| 837 | |
| 481 | |
| 440 | |
| 141 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.