I have solved this issue many times on Windows 2016 Server by adding the exact URL
(also include custom port if needed - e.g. https://mysslvpn.domain.dom:10443
) for the SSL VPN to the Trusted Sites list in Internet Options
(from IE or by running "inetcpl.cpl"). Of course you need to add the URL for every SSL VPN
you want to connect to.
This happens even when IE is not the default browser.
In all my instances of this issue, I also found out I could check this issue by opening the SSL VPN URL with Internet Explorer. Every time I could not connect to the SSL VPN in Web Mode from Internet Explorer (it displays "This page can't be displayed"), FortiClient was also failing just like the OP describes. (The Web Mode was working just fine on Chrome or Firefox.) The opposite was also true: when IE logged into the Web Mode, FCT was working.
(Of course Web Mode must be enabled for the relevant SSL-VPN Portal for this test to make sense.)
I also found this issue on a server with Trusted Sites locked by Group Policy - so I couldn't add a new entry. In the end I was able to solve the issue by resetting Internet Options
(also see attached image)
- run Internet Options (inetcpl.cpl)
- select the "Advanced" tab
- Click on the "Reset..." button
- flag "Delete personal settings" (I did that - don't know if it is needed)
- Click "Reset"
Summing it up, it is clear that something inside Internet Options is the culprit, but I wasn't able to pinpoint what exactly.
Fortinet support says that FortiClient is designed to take settings from Internet Options. At this point I'd like to know exactly what parameters are in use (I guess I can't ask support because I don't have a valid FortiClient support contract at the moment).
To anyone having this issue, I'd still recommend trying to add the SSL VPN URL to the Trusted Sites before resetting.
Please note that I am using the default certificate for the SSL VPN - but I believe this makes no difference (beyond all the expected warnings).
post edited by andrew - 2019/01/29 09:33:23