Recently started seeing intermittent issues with users trying to log in via the SSL VPN, in which they get a number of errors that basically say that it can't find the site or that there is a cert issue. It will last anywhere from 10 minutes to 150 minutes, during which only users trying to log in are impacted, but once whatever is causing this is over the users can log back in.
It's been very hard to track down since it occurs at random times, doesn't last long and only impacts users logging in, but I have caught it in the act a few times. Running debugs for SSL and SAML, the login process starts successfully, but it's when it's in the process of communicating with Azure that there appears to be a breakdown. I've sent the logs to TAC but have yet to get much in the way of useful feedback; they have confirmed that the SAML process isn't completing.
I'm currently running 6.4.9 on my FortiGates and 7.0.1 FortiClients. I have been able to test a number of settings changes, but that hasn't fixed the issue. I've also set up another FortiGate with a similar setup, running 7.2.1, at another location to test whether it was the firmware, along with a few other variables. When I was able to catch this issue in the act, both FortiGates were impacted and both FortiGates cleared up to allow logins at the same time.
Has anyone else run into this issue? If you have, any root cause or fixes for it?
I’ve actually got an active case with development on this exact thing. Downgrade to 6.4.8 and it should work without issue.
Have screenshots of the errors and or the codes?
Firewall model?
Seeing this intermittently as well.
6.4.9 & 7.0.7(latest) client.
Not very often. But often enough.
https://imgur.com/a/V6Sbnve
Update:
The issue occurred twice since posting this. While my FortiGate 100Fs running 6.4.9 threw the familiar errors that prevented users from logging in, my test unit, a 100F, was now running 7.0.6 and that was working.
The first time the issue popped up, nothing was in place to get logs and I only had enough time to test with two laptops, but the second time I was able to collect logs. From the logs, 7.0.6 was successfully processing the SAML authentication while 6.4.9 was hanging.
Update 2:
Took a bit, but I finally updated the FortiGates to 7.0.6, which was followed by the scramble to 7.0.7 and then an "ehhhh, why not?" to 7.0.8. Since upgrading to 7.0.6, and then .7 and .8, I have not run into the issue of users not being able to log in via SAML that I had before. I'm still monitoring, but it appears that 7.0.6 through .8 has resolved the issue or is more tolerant of what's happening in Azure.
I still don't have a root cause for why this is occurring, why it's random and why it's intermittent. I have continued to send logs to Fortinet when requested, but they aren't saying much. IMO, the issue is still with Microsoft, but as of now I have yet to run into it again since upgrading.
Yes, our team encountered this behavior after a recent Windows update.
FortiClient on Linux, Android and iOS was working perfectly fine; just Windows clients were affected, either not connecting (98%) or getting disconnected immediately or after a few minutes.
I don't know which Windows update caused this, but you might try uninstalling, rebooting, and reinstalling FortiClient. It seems to have worked for our team.
Running 100Fs at both sites.
For error codes, I have three main ones and a few minor ones. The main ones:
-8 Unable to establish the vpn connection. The server may be unreachable.
-5 Unable to establish the vpn connection. The VPN server may be unreachable or your identify certificate is not trusted.
-11 The server you want to connect to request identification, please choose a certificate and try again.
The minor ones are 65005 and 65007. I am not certain these are part of the main issue, but I have gotten screenshots of them from users that weren't able to log in.
I was a bit worried about the version. I did test with 7.2.1, but was only able to catch it once when I was in a position to test, so this could be a one-off. Have you had any luck with 6.4.10?
The 98% issue we also experienced, and it was resolved after a firmware downgrade to 6.4.8 from 6.4.9 on the 100F. Uninstall/reinstall made no change in behavior. Sounds like something different.
I experience the exact same errors with our 100Fs on 6.4.9 and 6.4.10.
We have 201Es running 6.4.9 without issue.
I wonder if it is a 100F 6.4.9/6.4.10 issue. We had to revert the firmware upgrade due to the number of issues it caused.
I'll keep you posted on what we find.
Thanks for the response. It's been a pain trying to troubleshoot since it's been so random/intermittent. Have you discovered anything that triggers it or causes it?
Feel free to DM me and I can go into more detail on what I’ve found.