Fortinet VPN basic troubleshooting

3rd May 2021

Here are the troubleshooting steps I use:

1. Sign on to the user's PC using TeamViewer/Splashtop or similar.

2. Verify the client is the correct version. v7.0 is available now. Fortinet has rearranged their website, and there are multiple products with similar names, so there is a lot of confusion here. If in doubt, re-install.

3. Verify the settings are correct in the client.

4. Attempt a connection while watching the firewall web interface: go to VPN, IPsec Tunnels, and under Status click the number (#) of dialup connections.

5. Hover over the connections until you find the user in question. This makes sure you are connecting to the firewall you expect. The client could be connecting to a VPN tunnel you are not expecting, i.e. the iOS VPN tunnel, which doesn’t have permissions to get to where the user wants to go. But usually, if the phase 1 negotiation selects the wrong connector, it just fails.

Next, try to ping the inside interface of the firewall. If you cannot, that is a good indication that the problem is either routing or protocols on the client end.

Disable IPv6 if it is enabled

Disable any non-Microsoft firewall product

If this is a NEW VPN connection:
Look up the external address on your firewall itself; don’t use tools like http://whatsmyip.org. They report the closest public IP to you, which isn’t always the IP of your firewall.
Double NAT is a problem where your firewall does NAT, but so does the ISP-provided upstream hardware that your firewall is plugged into.
The normal solution is to put the ISP hardware into Bridge Mode.

tracert shows hop 2, which is the IP address of the upstream ISP router.
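The tracert check above can be automated. The following is an added example, not part of the original post: it parses Windows tracert output and lists any non-public hop after hop 1 that appears before the first public hop. It assumes the trace is run from a PC behind the firewall, so hop 1 is the firewall's inside interface; it also goes slightly beyond the post by treating the carrier-grade NAT range as a NAT indicator. The function names and sample traces are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range. These are
# not routable on the Internet, so a hop using one is still behind a NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Windows tracert hop line: hop number, three timings, then "ip" or "name [ip]".
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

# Constructed sample outputs (documentation addresses stand in for public IPs).
SAMPLE_DOUBLE_NAT = """\
Tracing route to 198.51.100.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.10.1.1
  2     2 ms     1 ms     1 ms  192.168.0.1
  3     *        *        *     Request timed out.
  4    11 ms    10 ms    12 ms  isp-gw.example.net [203.0.113.1]
  5    14 ms    13 ms    13 ms  198.51.100.10
"""
SAMPLE_SINGLE_NAT = """\
  1    <1 ms    <1 ms    <1 ms  10.10.1.1
  2     9 ms     8 ms     9 ms  203.0.113.1
  3    12 ms    12 ms    11 ms  198.51.100.10
"""


def is_non_public(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)


def parse_hops(tracert_text):
    """Return [(hop, ip)] for hops that answered; timed-out hops are skipped."""
    return [(int(m.group(1)), m.group(2))
            for m in map(HOP_RE.match, tracert_text.splitlines()) if m]


def double_nat_hops(tracert_text):
    """Non-public hops after hop 1 that come before the first public hop."""
    suspects = []
    for hop, addr in parse_hops(tracert_text):
        if not is_non_public(addr):
            break
        if hop > 1:
            suspects.append((hop, addr))
    return suspects
```

A non-empty result from `double_nat_hops` means a device upstream of the firewall is also translating addresses; an empty list means the first hop past the firewall is already public.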

If the ISP router uses Connection Mode DHCP, switching to Bridge Mode is an easy fix.
If the Connection Mode is PPPoE, you will need to write down the username and password from your ISP hardware and re-enter them in YOUR firewall.

After the ISP hardware is in Bridge Mode, there won’t be any web interface. The Wi-Fi, if it has any, may stop working. To reset the device back to NAT/Router mode, you will need to hold down the hardware reset button for 10 seconds. It will take a full 5 minutes for it to come back to life.