Question

Hi all!

I have a RUTX11 at home, with a default set up. My employer has started using FortiClient as VPN service and I cannot get the FortiClient VPN connection to work with my RITX11. It works fine if I use my phones mobile Hotspot so it not any setting on my computer, it must be something in the RUT that stops FortiClient.

I get an upload connection but not download. Does anyone know what I need to set-up/open on the RUTX11?

I can use other VPN services through my RUTX11 but not the FortiClient.

/Thomas

Answer 1

Hello,

Sorry for the late reply.

Could you please share your topology and configuration?

Best regards,

Žygimantas

Comments

Hi, I have exactly the same problem. Trying to connect PC with Forticlient SSL-VPN installed to corporate network. It works everywhere except with RUTX11. Do you have any solution ?

Configuration:

PC-> RUTX11 wifi-> RUTX11 mobile network

---

I assume that by Forticlient, you refer to a Windows application.

Based on the Fortinet documentation, the connection requires certain ports on the router's firewall to be open.

These ports include:

• TCP 443, 8001, 80. 
• UDP: 500, 4500.

Ports can be opened in Network -> Firewall -> Traffic rules section, by selecting Open Ports in router in Add new instance section at the bottom of the page. An example of the port configuration is below:

For testing, to see if it is the firewall issue from the router's side, you could try to disable the firewall at all. To achieve this, you would need to access the device via SSH, and execute the following command: 

• /etc/init.d/firewall stop

Then try to connect your PC with Forticlient. To reenable firewall, execute the following command:

• /etc/init.d/firewall restart

Best regards,

---

Hi,

I tried both variants (stop Firewall, and open separete ports), but there is no change. I find log files from forticlient, and the errors is:

msg="locip=y.y.y.y locport=500 remip=x.x.x.x remport=500 outif=0 vpntunnel=XXXXXX status=negotiate_error No response from the peer, phase1 retransmit reaches maximum count..." vpntunnel="XXXXXXX" vpntype=ipsec

Any other idea, how to proceed ?

---

Still waiting for solution. I can add that when I execute:  /etc/init.d/firewall stop , all the traffic stop. When I restart the router, firewall is started automatic, so generally there is no effect. Please give another advice, because this class of devices should work with such a basic functionalities, like connection with  VNP through them. I never had problems like this with older low class routers.

 

---

Hi,

Could you please take a look at THIS thread? Also, one of the threads on Fortinet's forum contains the VPN IPSec troubleshooting information with RUT950 on one end (HERE).

Kind Regards,

Andzej

---

Hi,

I read this thread, but this is not site to site tunnel between Fortinet and RUTX11. As ZygimantasBliu write- I use windows application Forticlient SSL-VPN to connect to corporate network. And I'm sure that there is some setting that needs to be done, because I connect with this laptop and Forticlient throw different routers and It works everywhere except with RUTX11.

---

Hi,

According to the information available online, this error occurs with different setups, operating systems, and routers.

The fortinet documentation states which ports are required to be open to enable communication. If you wish, you can replicate the issue (try to establish a forticlient VPN channel), then download and attach a troubleshoot file from System -> Administration -> Troubleshoot. I will take a look at your firewall settings.

Kind Regards,

Andzej