Windows started up but tunnel did not come up
If you confirmed that FortiClient received the Remote Access profile updates from EMS and that you can establish the tunnel manually, verify the configuration by doing the following.
To verify the configuration:
- Enable
diagnose debug application fnbamd -1
debugs on the FortiGate. - Restart the Windows computer.
- If upon restart, no debugs appear, the device has not attempted VPN connection.
- On EMS, edit the Remote Access profile currently assigned to the endpoint policy.
- In XML view, verify under the global
<options>
settings that<on_os_start_connect>
is configured and assigned the machine-cert-vpn-auto tunnel.