Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Destan
New Contributor

Created on ‎01-18-2023 02:27 AM

SSL VPN disconnecting after 5 mins

Hi,

 

Please help as I am experiencing all users getting disconnected from VPN after 5mins. All of them are using different networks to connect to VPN. No changes has been done previously and it just happened suddenly.

Appreciate your help!!! TIA!

 

Below is the logs for the VPN.

sslvpn FortiSslvpn: 19908: Error find interface for local_gwy 7486d40a
1/18/2023 9:56:44 AM error sslvpn (repeated 1 times in last 0 sec) FortiSslvpn: 19908: Error find interface for local_gwy 7486d40a
1/18/2023 9:56:47 AM info system date=2023-01-18 time=09:56:46 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=10.212.134.116 devicemac=00-09-0f-aa-00-01 site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TEFE msg="Traffic log" sessionid=4066011305 srcname=sslvpn srcip=10.212.134.116 srcport=0 direction=outbound dstip=203.125.68.206 dstport=8443 proto=6 rcvdbyte=262090447919 sentbyte=128857242925 utmaction=passthrough utmevent=vpn threat=disconnect userinitiated=0 browsetime=0
1/18/2023 9:57:12 AM error sslvpn date=2023-01-18 time=09:57:11 logver=1 id=96603 type=securityevent subtype=sslvpn eventtype=error level=error uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TERASAKI.COM.SG msg="SSLVPN tunnel connection failed" vpnstate= vpntunnel=TEFE vpnuser=TEFEPurchase remotegw=203.125.68.206
1/18/2023 9:57:25 AM info sslvpn FortiSslvpn: 16796: fortissl_connect: device=ftvnic
1/18/2023 9:57:25 AM info sslvpn FortiSslvpn: 21584: PreferDtlsTunnel=0
1/18/2023 9:57:30 AM info system date=2023-01-18 time=09:57:29 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TEFE msg="Traffic log" sessionid=2877864672 srcname=sslvpn srcip=10.212.134.116 srcport=0 direction=outbound dstip=203.125.68.206 dstport=8443 proto=6 rcvdbyte=270582941488 sentbyte=133143990411 utmaction=passthrough utmevent=vpn threat=connect userinitiated=0 browsetime=0
1/18/2023 9:57:30 AM info sslvpn date=2023-01-18 time=09:57:29 logver=1 id=96600 type=securityevent subtype=sslvpn eventtype=status level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TERASAKI.COM.SG msg="SSLVPN tunnel status" vpnstate=connected vpntunnel=TEFE
1/18/2023 9:58:23 AM error sslvpn FortiSslvpn: 10644: error: poll_recv_ssl -> SSL_get_error(): 1
1/18/2023 9:58:23 AM error sslvpn FortiSslvpn: 10644: error: poll_recv_ssl -> WSAGetLastError():0
1/18/2023 9:58:23 AM info sslvpn FortiSslvpn: 10644: error: polling recv, try:99
1/18/2023 9:58:25 AM info sslvpn FortiSslvpn: 3064: Ras: connection to fortissl terminated
1/18/2023 9:58:25 AM info system date=2023-01-18 time=09:58:25 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TEFE msg="Traffic log" sessionid=2877864672 srcname=sslvpn srcip=10.212.134.116 srcport=0 direction=outbound dstip=203.125.68.206 dstport=8443 proto=6 rcvdbyte=270583459198 sentbyte=133144234056 utmaction=passthrough utmevent=vpn threat=disconnect userinitiated=0 browsetime=0
1/18/2023 9:58:51 AM info sslvpn FortiSslvpn: 15948: fortissl_connect: device=ftvnic
1/18/2023 9:58:51 AM info sslvpn FortiSslvpn: 5864: PreferDtlsTunnel=0
1/18/2023 9:58:56 AM info system date=2023-01-18 time=09:58:55 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TEFE msg="Traffic log" sessionid=2026784012 srcname=sslvpn srcip=10.212.134.116 srcport=0 direction=outbound dstip=203.125.68.206 dstport=8443 proto=6 rcvdbyte=279172876080 sentbyte=137438956458 utmaction=passthrough utmevent=vpn threat=connect userinitiated=0 browsetime=0
1/18/2023 9:58:56 AM info sslvpn date=2023-01-18 time=09:58:55 logver=1 id=96600 type=securityevent subtype=sslvpn eventtype=status level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TERASAKI.COM.SG msg="SSLVPN tunnel status" vpnstate=connected vpntunnel=TEFE
1/18/2023 10:00:04 AM error sslvpn FortiSslvpn: 20068: error: poll_recv_ssl -> SSL_get_error(): 1
1/18/2023 10:00:04 AM error sslvpn FortiSslvpn: 20068: error: poll_recv_ssl -> WSAGetLastError():0
1/18/2023 10:00:04 AM info sslvpn FortiSslvpn: 20068: error: polling recv, try:61
1/18/2023 10:00:06 AM info sslvpn FortiSslvpn: 4980: Ras: connection to fortissl terminated
1/18/2023 10:00:06 AM info system date=2023-01-18 time=10:00:06 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TEFE msg="Traffic log" sessionid=2026784012 srcname=sslvpn srcip=10.212.134.116 srcport=0 direction=outbound dstip=203.125.68.206 dstport=8443 proto=6 rcvdbyte=279175912340 sentbyte=137439389132 utmaction=passthrough utmevent=vpn threat=disconnect userinitiated=0 browsetime=0
1/18/2023 10:00:28 AM info sslvpn FortiSslvpn: 21312: fortissl_connect: device=ftvnic
1/18/2023 10:00:28 AM info sslvpn FortiSslvpn: 12384: PreferDtlsTunnel=1
1/18/2023 10:00:33 AM info system date=2023-01-18 time=10:00:32 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TEFE msg="Traffic log" sessionid=1720014945 srcname=sslvpn srcip=10.212.134.116 srcport=0 direction=outbound dstip=203.125.68.206 dstport=8443 proto=6 rcvdbyte=287762810672 sentbyte=141733923906 utmaction=passthrough utmevent=vpn threat=connect userinitiated=0 browsetime=0
1/18/2023 10:00:33 AM info sslvpn date=2023-01-18 time=10:00:32 logver=1 id=96610 type=securityevent subtype=sslvpn eventtype=status level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TERASAKI.COM.SG msg="SSLVPN(DTLS) tunnel status" vpnstate=connected vpntunnel=TEFE
1/18/2023 10:11:51 AM info sslvpn FortiSslvpn: 22148: Ras: connection to fortissl terminated
1/18/2023 10:11:51 AM error sslvpn FortiSslvpn: 10276: Error find interface for local_gwy 7486d40a
1/18/2023 10:11:50 AM error sslvpn (repeated 1 times in last 0 sec) FortiSslvpn: 10276: Error find interface for local_gwy 7486d40a
1/18/2023 10:11:53 AM info system date=2023-01-18 time=10:11:52 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TEFE msg="Traffic log" sessionid=1720014945 srcname=sslvpn srcip=10.212.134.116 srcport=0 direction=outbound dstip=203.125.68.206 dstport=8443 proto=6 rcvdbyte=287783424510 sentbyte=141735764900 utmaction=passthrough utmevent=vpn threat=disconnect userinitiated=0 browsetime=0
1/18/2023 10:20:44 AM info sslvpn FortiSslvpn: 22456: fortissl_connect: device=ftvnic
1/18/2023 10:20:44 AM info sslvpn FortiSslvpn: 18912: PreferDtlsTunnel=0
1/18/2023 10:20:48 AM info system date=2023-01-18 time=10:20:47 logver=1 id=96900 type=traffic subtype=system eventtype=traffic level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TEFE msg="Traffic log" sessionid=296235702 srcname=sslvpn srcip=10.212.134.118 srcport=0 direction=outbound dstip=203.125.68.206 dstport=8443 proto=6 rcvdbyte=296352745264 sentbyte=146028892244 utmaction=passthrough utmevent=vpn threat=connect userinitiated=0 browsetime=0
1/18/2023 10:20:48 AM info sslvpn date=2023-01-18 time=10:20:48 logver=1 id=96600 type=securityevent subtype=sslvpn eventtype=status level=info uid=156FA4C93737464F8143B33FE5CC4BCD devid=FCT8000119149173 hostname=ITSan-NB pcdomain=terasaki.com.sg deviceip=192.168.1.233 devicemac=50-2f-9b-cb-e6-2f site=N/A fctver=7.0.0.0029 fgtserial=FCT8000119149173 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 22000)" user=itsan@TERASAKI.COM.SG msg="SSLVPN tunnel status" vpnstate=connected vpntunnel=TEFE
1/18/2023 10:26:53 AM error sslvpn FortiSslvpn: 12656: error: poll_recv_ssl -> SSL_get_error(): 1
1/18/2023 10:26:53 AM error sslvpn FortiSslvpn: 12656: error: poll_recv_ssl -> WSAGetLastError():0
1/18/2023 10:26:53 AM info sslvpn FortiSslvpn: 12656: error: polling recv, try:1
1/18/2023 10:26:55 AM info sslvpn FortiSslvpn: 19272: Ras: connection to fortissl terminated

 

Labels:
1683
0 Kudos
3 REPLIES 3
akanibek
Staff
Staff

Created on ‎01-18-2023 03:48 AM

Dear Destan,

could you follow these links:

-Usually we get codes after this error which can be converted and compared to point out to the reason causing it but yours has code 0.
https://community.fortinet.com/t5/FortiClient/Technical-Tip-Interpreting-WSAGetLastError-in-FortiCli...
https://learn.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2
https://microsoft.public.win32.programmer.networks.narkive.com/YFiPomlD/wsagetlasterror-always-retur...

I am attaching another document for checking this issue at your end as well:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-disconnection-issues-when-connecte...

 

What is your FGT version? 

Do you have an issue with FortiClient, or web ssl vpn mode as well? What are your FortiClient firmware versions?

 

 

Asset
1671
0 Kudos
Destan
New Contributor
In response to akanibek

Created on ‎01-18-2023 04:22 AM

Hi,

My fortigate version is 6.2.10, forticlient is 6.0.10

1667
0 Kudos
akanibek
Staff
Staff
In response to Destan

Created on ‎02-16-2023 10:46 AM

Dear customer, it seems more FortiClient issue. 

From the logs I somehow found your actual Forticlient version is - 7.0.0

Try to collect logs and reproduce the issue (wait for unless you disconnected):

 

show vpn ssl settings

diag debu console timestamp enable

diag debug app fnbamd -1

diag debug app sslvpn -1

diag vpn ssl debug-filter src-addr4 <client-public-ip>

diagnose debug enable

 

 

 

Asset
1522
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.