- Go to VPN > SSL-VPN Settings.
- Confirm that SSL VPN is enabled.
- Check the SSL VPN port assignment.
- Check the Restrict Access setting to ensure the host you are connecting from is allowed.
- Go to Policy > Firewall Policy.
- Check that the policy for SSL VPN traffic is configured correctly.
- Check the URL you are attempting to connect to. It should follow this pattern:
- Check that you are using the correct port number in the URL. Ensure FortiGate is reachable from the computer.
ping <FortiGate IP>
- Check the browser has TLS 1.1, TLS 1.2, and TLS 1.3 enabled.
- Check the Release Notes to ensure that the FortiClient version is compatible with your version of FortiOS.
- FortiClient uses IE security setting, In IE Internet options > Advanced > Security, check that Use TLS 1.1 and Use TLS 1.2 are enabled.
- Check that SSL VPN ip-pools has free IPs to sign out. The default ip-poolsSSLVPN_TUNNEL_ADDR1 has 10 IP addresses.
- Export and check FortiClient debug logs.
- Go to File > Settings.
- In the Logging section, enable Export logs.
- Set the Log Level to Debug and select Clear logs.
- Try to connect to the VPN.
- When you get a connection error, select Export logs.
- A new SSL VPN driver was added to FortiClient 5.6.0 and later to resolve SSL VPN connection issues. If your FortiOS version is compatible, upgrade to use one of these versions.
- Latency or poor network connectivity can cause the login timeout on the FortiGate. In FortiOS 5.6.0 and later, use the following commands to allow a user to increase the SSL VPN login timeout setting.
config vpn ssl settings set login-timeout 180 (default is 30) set dtls-hello-timeout 60 (default is 10) end
This might occur if there are multiple interfaces connected to the Internet, for example, SD-WAN. This can cause the session to become “dirty”. To allow multiple interfaces to connect, use the following CLI commands.
If you are using a FortiOS 6.0.1 or later:
config system interface edit <name> set preserve-session-route enable next end
If you are using a FortiOS 6.0.0 or earlier:
config vpn ssl settings set route-source-interface enable end
- Go to VPN > SSL-VPN Portals and VPN > SSL-VPN Settings and ensure the same IP Pool is used in both places.
Using the same IP Pool prevents conflicts. If there is a conflict, the portal settings are used.
Many factors can contribute to slow throughput.