Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
piaakit1210
New Contributor III

Created on ‎12-12-2023 12:09 AM

cloudflair cdn proxy forward to fortigate to connect SSL VPN not work

Dear All,

 

           One of our customer is using cloudflair with cdn proxy forward to fortigate to connect SSL VPN, and the web portal could connect and login without any issue, but when its connect via the forticlient , its doesn't seen to reach the gateway with the following warning, but sometime its could connect, does any know seen such issue ? any help would be appreicated, Thanks 

 

 

unable to establish the vpn connection. the vpn server may be unreachable. (-16)  

Labels:
1676
0 Kudos
9 REPLIES 9
Stephen_G
Moderator
Moderator

Created on ‎12-14-2023 10:49 AM

Hello piaakit1210,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen - Fortinet Community Team
1595
Stephen_G
Moderator
Moderator

Created on ‎12-18-2023 04:10 AM

Hello piaakit1210,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Stephen - Fortinet Community Team
1562
piaakit1210
New Contributor III

Created on ‎12-20-2023 08:18 PM

thank you

1517
0 Kudos
fatihseyligli
Staff
Staff

Created on ‎12-21-2023 12:41 AM

Hello,

 

Can you please try to try to disable TLS 1.0 / 1.1 in internet options if it's already enabled?

 

By the way, which version of FortiClient you're using currently?

 

Thanks & Regards

 

 

 
 
1498
0 Kudos
hbac
Staff
Staff

Created on ‎12-21-2023 07:52 AM

Hi @piaakit1210,

 

Can you doublecheck and make sure the correct Remote Gateway and port are configured in FortiClient settings. Have you tried from a different computer and FortiClient version?

 

Regards, 

1486
0 Kudos
piaakit1210
New Contributor III
In response to hbac

Created on ‎01-02-2024 07:03 PM

sorry for late reply, i was using forticlient 7.2.3, and i double checked the port are correctly configurated in forticlient, and already disabled TLS 1.0 / 1.1 in internet options

 

keith 

1379
0 Kudos
hbac
Staff
Staff
In response to piaakit1210

Created on ‎01-03-2024 09:01 AM

Hi @piaakit1210

 

Please run packet captures on the FortiGate and replicate the issue to see if it actually reaching the Fortigate or not. Assuming you are using port 10443 for SSLVPN. 

 

di sniffer packet any 'port 10443' 4 0 l 

 

Regards, 

1365
0 Kudos
piaakit1210
New Contributor III

Created on ‎01-18-2024 12:35 AM

sorry i,m new in fortigate, can you guide me how to do packet capture in fortigate, is below correct ?

 

packet capture - wan1 -

1303
0 Kudos
hbac
Staff
Staff
In response to piaakit1210

Created on ‎01-18-2024 05:54 AM

@piaakit1210,

 

Please refer to this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Packet-Capture-on-FortiOS-GUI/ta-p/1...

 

Regards, 

1293
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.