Recently I had an issue with an SSL VPN user who could not connect to the FortiGate. This problem started after upgrading the FortiGate from a very old 5.2.3 to the latest 5.4 firmware – 5.4.7.

Everything went great with the upgrade, but the client would bomb out at 40 percent with “VPN server maybe unreachable” when attempting to connect. After some diagnostics on the firewall I found the user could authenticate, and reach the FW. I then debugged the SSL VPN application and found that the following logs appeared. Note – I changed the IP from the real to 1.1.1.1

```
SSL state:before/accept initialization (1.1.1.1)
SSL state:SSLv2/v3 read client hello A:(null) (1.1.1.1)
```

After some digging I found that before the upgrade the following protocols were allowed in the SSL-VPN settings in CLI.

Notice that TLSV1-0 is disabled – this is great for security as TLS 1 and 2 are much more secure than 0, but in this case the client was not trying to use 1-2 but only 0. So the FortiClient is using the security settings within Internet Explorer.

The fix was to make sure that IE supported the necessary protocols. On the client that was not working I opened up IE – went to settings, then to advanced. I enabled TLS 1.2 (you could also do 1.1) and tried to reconnect – all worked great.

```
SSL state:SSLv3 read client hello A (1.1.1.1)
SSL state:SSLv3 write server hello A (1.1.1.1)
SSL state:SSLv3 write certificate A (1.1.1.1))
SSL state:SSLv3 write key exchange A (1.1.1.1))
```
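An added example, not part of the original post: a Python sketch that scans saved SSL VPN debug output for handshakes that read a client hello but never write a server hello, the pattern in the failing log above. It assumes the line format is exactly the one quoted in the post; the function names and the rule for splitting attempts are hypothetical.

```python
import re

# Line shape as quoted in the post, e.g. "SSL state:SSLv3 write server hello A (1.1.1.1)".
# An optional ":(null)" suffix and a doubled ")" are tolerated.
LINE_RE = re.compile(
    r"^SSL state:(?P<state>.+?)(?::\(null\))?\s+\((?P<ip>[0-9A-Fa-f.:]+)\)+\s*$"
)

# Constructed sample: the post's failing lines followed by its working lines.
SAMPLE = """\
SSL state:before/accept initialization (1.1.1.1)
SSL state:SSLv2/v3 read client hello A:(null) (1.1.1.1)
SSL state:SSLv3 read client hello A (1.1.1.1)
SSL state:SSLv3 write server hello A (1.1.1.1)
SSL state:SSLv3 write certificate A (1.1.1.1))
SSL state:SSLv3 write key exchange A (1.1.1.1))
""".splitlines()

def parse_attempts(lines):
    """Group SSL state lines into handshake attempts, per client IP."""
    attempts, current = [], {}  # all attempts in order; ip -> open attempt
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an SSL state line
        ip, state = m.group("ip"), m.group("state")
        att = current.get(ip)
        hello = "read client hello" in state
        # Assumed segmentation rule: a new attempt starts at accept
        # initialization, or at a second client hello from the same IP.
        if att is None or state.startswith("before/accept") or (hello and att["client_hello"]):
            att = {"ip": ip, "states": [], "client_hello": False, "server_hello": False}
            attempts.append(att)
            current[ip] = att
        att["states"].append(state)
        att["client_hello"] |= hello
        att["server_hello"] |= "write server hello" in state
    return attempts

def stalled_handshakes(lines):
    """Attempts with a client hello but no server hello: a hint to compare
    protocol versions, not proof. In-flight attempts at log end show up too."""
    return [a for a in parse_attempts(lines) if a["client_hello"] and not a["server_hello"]]

if __name__ == "__main__":
    for a in stalled_handshakes(SAMPLE):
        print(a["ip"], "stopped after:", a["states"][-1])
```
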