I have a user that i setup for ssl vpn connection with the forticlient 7.0.8. the device is having trouble conencting and stops at 20% this happened after some required software was installed. Is there anything that anyone knows of that would interfere with forticlient from connecting to a ssl vpn?
thanks
Solved! Go to Solution.
Apparently forticlient ssl VPN needs the windows telephony service to be running. This is why the client would stop at 20%. Also the remote access connection manager is involved which needs the telephony service to work.
Hello,
You may refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Possible-reasons-for-FortiClient-SSL... for possible reasons of SSLVPN stuck at certain percentage.
Steps to narrow down the issue:
1. Is this happening to single user only? (other users can connect to the VPN?)
2. Was it working fine in a previous FCT version, eg FCT 7.0.7 or 6.4.x?
3. Open a browser and enter your VPN gateway FQDN:port, is the web portal accessible?
Yes i can get to the web portal and login that way but the foticlient doesnt connect. just stops at 20% and goes back to login screen.
Hello @Taylor_Res
- If you are unable to connect to VPN, it hung at 20% or 40%
- Could you please confirm if you are getting any warning related to the certificate being used for SSL-VPN.
- Please share the exact error message you are getting when it is stuck at 20%
- execute the below commands and then initiate the connection via Forticlient
diag debug reset
diag debug application fnbamd -1
diag debug appl sslvpn -1
diag debug enable
to disable log run below command
di de disable
Thanks,
Pavan
I will try this but it seems like the client isnt even getting to the fortigate. Seems more like there is a conflict with some other software installed on the laptop. Im trying to pinpoint that now as it was working and is not working now. Or maybe its related to an intel driver for wifi card. its very strange.
Created on 04-28-2023 08:04 AM Edited on 04-28-2023 08:15 AM
No the client is not even getting to the fortigate for there to be any diagnostics.
im seeing this in the fortigate logs for vpn
Action ssl-exit-error
Reason DH lib
Hi Taylor,
20% does sound like no connection is really made. The SSL error might fit.
You might check if your FortiClient is very old. Your browser seems to connect to the address fine. You could try with a packet capture on the client and see what gets sent/received and what client and server are talking to each other. It might be a TLS negotiation error.
Best regards,
Markus
seems to be related to a group policy object on my domain. once i connected the device to the domain the vpn stopped connecting.
Apparently forticlient ssl VPN needs the windows telephony service to be running. This is why the client would stop at 20%. Also the remote access connection manager is involved which needs the telephony service to work.
You can try following below:
Disable any firewall or antivirus software that is currently active on your computer and then try to connect once more.
Look through the logs on the FortiGate firewall and the FortiClient SSL VPN client for any error messages or warnings that could point to the problem's root.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.