I have SSL tunnels back to different branches; some are 100F and some are 40/60F firewalls.
I’ve noticed that the FortiClient VPN app on their Windows PCs very frequently has issues where it won’t connect. It will report the VPN host is not available or offline when all other testing company-wide is good…
Uninstalling the FortiClient VPN app and reinstalling ALWAYS fixes it.
Has anyone else experienced this? I find it hard to believe that this level of software would have issues this frequently, but my AV logs don’t show it removing portions of the app, and the FW logs don’t show them getting blocked. It happens on Win 10 and Win 11 machines… it’s annoying to have to do 2-5 re-installs a week.
Same issue here indeed. Sometimes not connecting, or only after 5 or 6 times… Running Windows 10 and 11. Tried versions 7.0, 7.2 and also 7.4. But the same issue occurs randomly…
At this moment a support ticket is open again… but I’m guessing not much will come out of it! So if someone has a solution…
Yep, lots of intermittent issues across our 200+ users. We’ve been using FortiClient VPN for a couple of years now and always use the latest available client.
As far as VPN clients go, it’s quite slow, clunky, and has lots of odd issues that are virtually always resolved with a re-install. We’re aiming to replace it within the next six months with something faster and more secure (likely something that uses the WireGuard protocol).
That’s definitely not my experience, either with the VPN-only version or the full client – and I’ve been using this for years, personally and for various SMB customers.
Some questions:
1. What version of FortiClient?
2. What firmware is running on your firewalls?
3. What AV are you running?
4. From where are the users trying to connect back to the VPN?
5. What errors do you see in the Event Viewer when these problems occur?
6. Have you ever tried connecting to your VPN endpoint/port location via the browser alone, when the connectivity issue arises?
All these problems would probably be solved by removing the FortiClient and changing the config on the VPN to use the Native Client on all of those systems.
I had mine on the external interfaces and had issues. Then I moved it to a loopback and a VIP, and was able to put policies on the connections like deny for geo and other stuff. That helped a lot.
I’m also in the process of dumping SSL and moving to IPsec. My testing has proved a much better experience as well as just being faster.
I can’t think of this happening recently to my users on 7.0.9, but in the past, the VPN adapter/driver would sometimes get hung up and a reboot was the fastest way to fix that.
Well, we reboot the users’ PCs too before going through the uninstall/reinstall.
What about the paid version of the client? Any stability gains to be had? We have 1-150 users that use it. So we have a lot of tickets being generated by FortiClient getting messed up. It seems every other time someone goes to work remotely we have to uninstall/reinstall their client.
1. Latest version of FortiClient as of this Wednesday.
2. Latest firmware release on the main FW people connect to.
3. We run FortiEDR, auto-updated to the newest release.
4. They are generally trying from their homes, on wide-open home networks which aren’t blocked - the traffic never even hits my FW logs when they have an issue. I can remote into their PC and see it happen in real time, confirming they are in fact internet-facing, but then I uninstall and reinstall and the VPN connects fine with no other issues.
5. I didn’t look at Event Viewer, sorry.
6. I hadn’t considered trying to connect via the browser either; that’s something I’ll try Monday morning, as I have a couple of tickets pending I can use as guinea pigs.
It’s also worth saying these are vanilla installs of Windows 11 with very sparing GPO policies and auto updates enforced, so running the latest patches.
FortiEDR is poo, so I wouldn’t at all be surprised if it is fucking up its own VPN client. We have a few subsidiaries with their own IT depts who implemented FortiEDR, and even after many hours of work creating playbooks and exceptions we all noted that our DHCP/DNS servers occasionally lock up and our SQL servers eat up all their resources and need rebooting every few weeks since FortiEDR was rolled out on them. Too many separate domains/locations with one common denominator, but Fortinet support denied, denied, denied, so stay tuned for their next product… FortiJudas
So we have a lot of tickets being generated by FortiClient getting messed up.
If a clean install of the app works, but a few days or weeks later, it doesn’t, then something is changing in the environment post-deployment. And, it’s not FortiClient, because the VPN-only version of FortiClient doesn’t get remote updates from anywhere. It is exactly the same product that you deployed, days/weeks later.
“latest version of…” is not really helpful language, as there are three current branches available from Fortinet for its firewalls, and I have no way of knowing if you’re one of the adventurous folks on 7.4.1, or someone who is okay with a feature release in production running 7.2.6, or someone who only sticks to the mature branch of 7.0.13.
Providing actual numbers is better, and reduces the chance of any misunderstandings.
Same for the actual FortiClient version.
I have no idea what you believe to be the current latest version – and I’m not saying this to be any kind of knock on you. We’ve had instances in the past where one method for downloading firmware versions was not in sync with other methods, and so what people assumed was the latest version was not.