Dear all
I need some insights from you who have more experience with forticlients than I do.
Our customer has a fortigate (7.2.10) with ssl vpn configured. Our customer offers ssl vpn connection to partners and suppliers of theirs.
A few days ago one of the suppliers mentioned, that their new user can't connect to the ssl vpn.
We figured out that they got the wrong password. Strangely, I wasn't able to see all the connection tries from said supplier. Only a few.
Yesterday, we had a call - supplier, our customer and us. They exchanged passwords again, supplier tried connection. It worked.
All logs on FAC and traffic logs on FGT were fine. Look marvellous.
A few hours later I got a call "it still doesn't work".
This time again - no logs in FAC and no traffic logs. We were able to do some live sessions and then I saw it.
We received SYN packets from the supplier from their expected public IP, but FGT didn't reply (no ACK).
The forticlient (7.4.3 - free, vpn only) in use from the supplier stopped at 40% and after about 15s or so timed out. There was no pop up with certificates or such.
As I only saw SYNs, I realised that this likely is the reason why I didn't see traffic logs from all the alleged connection tries from the supplier.
As it worked a few hours prior and now it doesn't I was stumped.
Thank you very much in advance
If it was a tls negotiation issue, then why does it happen intermittently? If it was a certificate pop up waiting for approval, then why isn't there one on the desktop and why does it time out after 15s or so?
Next step would be recommending to use the latest forticlient 7.2.x
And if that doesn't work, I sure need to debug the transaction (but since I never get an ACK, I didn't even try the first time).
Anyone an idea what I could check in particular to find out more?
Hi,
Have you tried diagnose debug application sslvpn? It usually gives why the traffic is not processed in the debug output.
Make sure the port is not conflicting with the https interface.
Usually there is a "notification" menu on forticlient, maybe some info can be found there.
Best regards.
FWD~
Hello FWD~
Thank you for your reply.
I haven't tried to debug yet, as in the cases it doesn't work I only see SYN packets - so I figured it won't help much. However, I will try to do that at the next meeting.
The ssl vpn interface or configuration on the fortigate is being used by over a hundred other clients. So far I haven't any information about global issues.
Again, it does work - but not always...
I will have a better look at the forticlient at the next meeting
Thank you and much appreciated
Hi scheuri1,
Is the issue happening to all users?
Can you confirm the FGT model, and is there any remote auth used (LDAP, RADIUS, SAML)? Can you share the config, sslvpn debug and sniffer logs to sferoz@fortinet.com for more review?