How to connect to SSL VPN behind Fortigate
I am trialing FortiGate in an AWS environment and trying to connect to SSL VPN through FortiClient, but it gives an error message. It authenticates and completes the 2FA process through FortiAuth, but at the end it gives the error message "Token code is wrong. (-7203)". Is there any configuration needed on the AWS FortiGate side to establish the connection via VPN?
Thanks
- Labels: FortiClient, FortiGate
I think it's an issue with licensing or an activation issue on the token, not something related to AWS or config.
You may refer to the KB below and verify the auth config.
Thanks
Madhav
VPN is working from other networks, it just does not work from AWS.
Hi @ArifS
1) Make sure to use RADIUS or other servers where the user password is not expired.
2) If the FortiToken Cloud is used, it is possible to see if the push notification has been enabled or not.
- It is possible to go to support.fortinet.com and top left go to Services -> Cloud Services -> FortiToken Cloud.
- Disable it on FortiToken-Cloud: Settings -> Realm -> FTM Setting -> Disable Push.
- Remove and recreate user
3) Try to connect again and assign FortiToken cloud to the relevant user from FortiGate, it should work.
Regards,
Hi @ArifS
It does not need any extra configuration on the AWS FGT end.
As @vinayHM mentioned, you can follow the plan steps for the token.
If it still does not work, then please collect the debug below and raise a TAC case.
dia debug reset
dia vpn ssl debug-filter clear
dia vpn ssl debug-filter src-addr4 <public IP>    <--- test machine public IP
dia debug application sslvpn -1
dia debug application fnbamd -1
dia debug en
Regards
Priyanka
