This configuration can be changed in the WebUI (SSL VPN settings) as well. The idle-timeout is closing the SSLVPN if the connection is idle for more than 5 minutes (300 seconds). If the SSLVPN connection is established, but the connection stops after some time, you should double-check the following two timeout values on the FortiGate configuration: (once the negotiation is done or stopped you can disable the debugger) (now try to establish the SSLVPN connection) The CLI real-time debugger allows monitoring of the SSLVPN negotiation: – The Host could not be contacted (no answer to the TCP SYN packet) General debugging of the SSLVPN negotiation Other error messages «Unable to establish the VPN connection.
Duo fortinet vpn software#
This can probably be solved by reinstalling the FortiClient software on the computer.
Duo fortinet vpn how to#
And this KB article explains how to check the TLS versions on a windows client. This KB article describes how to check the TLS versions for SSLVPN on the FortiGate. If the client is using CRL or OCSP make sure that the FortiGate certificate can be checked against those protocols.Īdditionally, it is possible that the TLS versions of Client and FortiGate are not matching. Make sure that this popup window is not hidden behind other windows. In this case the user is shown a popup window to confirm the validity of the certificate. If you are using the default FortiGate certificate, the client is probably not trusting this certificate.
![duo fortinet vpn duo fortinet vpn](https://www.miniorange.com/images/fortinet/fortinet-vpn-radius-server-configures.png)