Hello,
Since updating iPhone iOS from the last version 16 to the current 17.0.1, connecting via FortiClientVPN is no longer possible. The Azure SAML authentication takes place, but it stops at "Connection".
FortiClient VPN 7.2.2.0116
Fortigate 7.2.5 build1517
Can anyone here report the same problem?
Hi,
Please try to disable the DTLS setting in FortiGate and check if the issue still persists for the iOS client:
config vpn ssl settings
set dtls-tunnel disable
end
Works for me; thank you!!
Thank you @kcheng, that also worked for me. Is this a temporary solution and the app will be fixed in a future update?
Hi @xDivour
Thank you for confirming that it worked. I would consider this as a temporary solution. For root cause analysis, we will require the logs from both the client and the FortiGate to further investigate this with our backend team. That said, I would recommend that you open a TAC ticket with us and provide the following debug logs after reverting the DTLS settings:
config vpn ssl settings
set dtls-tunnel enable
end
diag deb console timestamp enable
diag vpn ssl debug-filter src-addr4 <Client's PublicIP>
diag deb app sslvpn -1
diag deb app samld -1
diag deb en
These logs would be helpful for us to further check on the DTLS settings with our backend team. Last but not least, please do upload your configuration file into the ticket created too.
This is the answer. Many Thanks Kayzie Cheng!! Our TAM didn't know and wouldn't help.
Hi @Tofer
Thank you very much for your confirmation on this. Technically, the free version of FortiClient does not come with a TAC support contract if it is the FortiClient issue. But we are also looking into the respective for the time being. DTLS is a new feature in FortiClient 7.2.2. We do have some investigation going on with our backend team. Kindly keep an eye on our future FortiClient iOS release notes to check if there is any permanent fix on the respective.
Changing DTLS to disable did not fix this for us, iOS devices still stall at connecting. We are on the free version using Azure SAML as well.
Hi @tofm
This might be a different issue compared to what the rest is observing here. Please create a ticket in https://forticare.fortinet.com and supply the following output:
diag deb console timestamp enable
diag vpn ssl debug-filter src-addr4 <Client's PublicIP>
diag deb app sslvpn -1
diag deb app samld -1
diag deb en
Post that, initiate connection from the iOS client. Kindly supply the debug output and your configuration file into the ticket so that the engineer can check further on this.
Kcheng, it looks like when I initially disabled DTLS it didn't save. I had done a show full to check that it was disabled and it was but had not saved after that and reverted back to enabled. After confirming it's actually disabled now, our VPN iOS users can connect again.
Hi @tofm
That is good to know. Do keep an eye on our future release that fixes the respective where you can then re-enable DTLS configuration on the FortiGate.
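Added example, not part of the thread: one way to confirm from a saved configuration backup that the `dtls-tunnel` change discussed above actually persisted, by reading only the top level of `config vpn ssl settings`. The sample configurations are constructed, the function name is hypothetical, and treating a missing `set dtls-tunnel` line as the default `enable` is an assumption.

```python
import re

ASSUMED_DEFAULT = "enable"  # assumption: an absent line means the default, enable

def effective_dtls(config_text, section="vpn ssl settings", key="dtls-tunnel"):
    """Return (value, explicit) for `set <key>` directly under `config <section>`."""
    stack = []      # currently open config/edit blocks, outermost first
    value = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line.startswith("edit "):
            stack.append("edit")
        elif line in ("end", "next"):
            if stack:
                stack.pop()
        elif stack == [section]:
            # Only lines at the top level of the section count; nested
            # sub-tables such as authentication-rule are skipped.
            m = re.match(r"set\s+(\S+)\s+(.+)", line)
            if m and m.group(1) == key:
                value = m.group(2).strip('"')
    return (value, True) if value is not None else (ASSUMED_DEFAULT, False)

# Constructed sample: the change was saved.
SAVED = """\
config vpn ssl settings
    set servercert "example-cert"
    set dtls-tunnel disable
    config authentication-rule
        edit 1
            set groups "vpn-users"
            set portal "full-access"
        next
    end
end
"""

# Constructed sample: the change was lost, so no dtls-tunnel line is present.
REVERTED = SAVED.replace("    set dtls-tunnel disable\n", "")

if __name__ == "__main__":
    for name, text in (("saved", SAVED), ("reverted", REVERTED)):
        value, explicit = effective_dtls(text)
        source = "explicit" if explicit else "assumed default"
        print(f"{name}: dtls-tunnel = {value} ({source})")
```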
Copyright 2024 Fortinet, Inc. All Rights Reserved.