Re: FortiClient vpn issue

cravikumar · 01-08-2026

Description This article describes why the device does not reflect as an HA cluster being selected in the automation stitch on the security fabric root. Scope FortiGate. Solution When trying to add the current HA cluster in the FortiGate(s) of the au...

cravikumar · 01-06-2026

Description This article describes why Cisco SCCP phones repeatedly reboot every 8-10 minutes when a FortiGate times out the TCP session on port 2000, causing subsequent keep-alive packets to be dropped. Scope FortiGate. Solution Consider the followi...

cravikumar · 11-09-2025

Description This article describes how to troubleshoot and resolve the Let's Encrypt certificate renewal error. Specifically, it addresses the issue: 'Domain authorization for vpn.example.com failed. CA considers answer to challenge invalid'. Scope F...

cravikumar · 10-23-2025

Description This article describes an issue where an automation stitch configured to trigger an alert email during a device reboot fails to send the email during the actual reboot process. Scope FortiGate v7.4.8 Solution During test triggers, the ema...

cravikumar · 10-22-2025

Description This article describes how to use NULL encryption on a FortiGate to intentionally bypass ESP decryption during controlled diagnostic testing. Scope FortiGate. Solution In some cases, such as troubleshooting packet loss or performance issu...

cravikumar · 09-10-2024

Topology 1:Azure-VM --- S2S --- On-Prem Topology 2:Phy-FGT --- S2S --- On-Prem Topology 3:Azure-VM --- S2S --- On-Prem --- S2S --- Phy-FGT Is this your topology? If yes, you can just update the routing table and point the destination to the correct o...

cravikumar · 09-09-2024

What's the FOS version? Run below debugs and attach the output. dia debug resetdia debug application sslvpn -1dia debug application samld -1dia debug enable https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Companion-for-troubleshooting...

cravikumar · 07-30-2024

If you delete the services, you can't reference it under policy and objects but the services will still be active. Use local-in policy to block services. https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-open-ports/ta-p/189671

cravikumar · 07-27-2024

Hello, What's the FortiClient version? At what percent the connection stop? Enable FCT debug and check the reason for failure. Refer to the link below on how to enable debug log in FortiClient. https://community.fortinet.com/t5/FortiClient/Technical-...

cravikumar · 07-24-2024

What's your topology? Run a sniffer and check the source mac of the incoming traffic and make sure it's the same as blocked mac. Sniffer: dia sniffer pack any "host x.x.x.x" 6 0 a https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-...

User Statistics

User Activity

Troubleshooting Tip: Automation stitch destination fails to save the ha cluster due to mismatched HA group id

Troubleshooting Tip: Cisco SCCP (Skinny Client Control Protocol) phone registration drops and reboots every 8–10 minutes

Troubleshooting Tip: Let's Encrypt certificate renewal failed with error: 'Domain authorization failed and CA considers answer to challenge invalid'

Technical Tip: Alert emails are not being triggered when the FortiGate is rebooted

Technical Tip: Skipping ESP decryption using NULL encryption for troubleshooting in a lab environment

Re: Forward traffic through Site to site VPN