This article describes common stages of SSL VPN errors when it stops negotiating at specific percentage while establishing the FortiClient SSL VPN.
Percentage and possible issue:
– The issue is usually due to network connection.
– Check whether the PC is able to access the internet and reach VPN server on necessary port.
– Check whether correct remote Gateway and port is configured in FortiClient settings.
– Also need to confirm whether the server certificate has been selected in FortiGate SSL VPN settings.
– This can also be due to the reason when FortiClient pops a new window asking to proceed as the certificate is un-trusted.
– SSL/TLS Certificate Check.
– It means that there is a TLS version mismatch & usually shows Error -5029.
– Application or the FortiGate causing the error, occasionally caused by the local machine/network setup.
– 2FA issue.
– At this stage, check username and password is enter correctly or not.
– Check user, user group and it usually happens if the user is not in the correct user group that has VPN access.
– If an individual has configured user group in the SSL VPN settings then always configured user group in the firewall policy and if user is configured in the SSL VPN settings then configured user in the firewall policy.
– The corresponding policy for the users has not been configured.
– Also check whether correct Realm is being used if configured any.
– In this stage the issue usually occurs due to the corrupted installation of FortiClient or OS problems.
– Check by reinstalling the FortiClient software on the PC.