Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
StefanBu
New Contributor

Created on ‎12-10-2020 07:38 AM

VPN split tunnel problem (after FW update)

Hello, we have a FG100D and since the latest fw-update to 6.2.6 we have strange problem with our SSL-VPN connection. Everything seems to work except Outlook. Outlook (versions from 2010 - 365) connects to our Exchange 2010 server. With some users it works without any problems. With others it simply stops working - then an error message like this appears - no connection... Folders cannot be loaded... and Outlook does not open, or Outlook opens and there is 'No connection...' in the bottom right corner

But after a few hours it suddenly works again - same users, without intervention. A connection to OutlookWebApp is always possible, in all cases. The VPN is configuered in the following way:

The split tunneling works well. But the Outlook error drives me crazy.

Has anyone an idea? Or can anyone help?

kind regards

Preview file
168 KB
4583
0 Kudos
5 REPLIES 5
Philippe_Gagne
Contributor

Created on ‎12-10-2020 09:11 AM

Hi,

 

There is an issue with IPSec VPN in the version 6.2.6. Workaround I know: upgrade to 6.4.3 or reboot in the last version you used (change boot flag - see "exec set-next-reboot" command).

 

https://docs.fortinet.com/document/fortigate/6.2.6/fortios-release-notes/236526/known-issues

BugID 668554 and 610203.

 

Regards,

 

Philippe

 

2930
0 Kudos
StefanBu
New Contributor
In response to Philippe_Gagne

Created on ‎12-11-2020 01:39 AM

Thank you for your tipps.

We have a FG100D - the 6.4.x Software is not approved for the 'D' Version.

And also we have a problem with SSLVPN, not IPSEC - but as far as I can see there are also bugs in the SSLVPN, so I will go backwards in firmware and hope it will fix this annoying matter

2927
0 Kudos
StefanBu
New Contributor
In response to StefanBu

Created on ‎12-11-2020 02:18 AM

did a downgrade to 6.2.2 - issue seems to be gone

2927
0 Kudos
JB79
New Contributor
In response to StefanBu

Created on ‎12-11-2020 11:09 AM

We're on 6.2.6 with a 201E here.  Experiencing the same (intermittent) outlook issue for full SSL-VPN users.  Issue only started after we migrated off 6.0.x due to the recent hype about their VPN security flaws on the version we were on.  So many issues on each version after the one we were on pushed us all the way to 6.2.6 before we found one that was mostly working... Outlook over VPN seems to be the only issue discovered so far.

 

Downgrading firmware through that path of broken firmware is not a solution for us, and 6.2.2 had some serious in our environment.  Does anyone know if there's a way to target the specific issue from the outlook or client side of things assuming Fortinet can't get this right?  Its been broken on so many versions of firmware, and the Russian roulette we keep playing (and losing) with firmware is producing a very negative impression of Fortinet within our management...

2927
0 Kudos
NetworkJack
New Contributor
In response to JB79

Created on ‎01-21-2021 07:34 PM

6.2.7 on a HA pair of 100Ds.

 

Having the same problem with one specific Forticlient. Started after updating from 6.2.4 over the holidays. Tried all sorts of config tweaks and after 30-40 minutes, his Phase 2 SAs get deleted/reset and any connections to systems on other side of the tunnel get dropped.

 

Very frustrating.

FortiClient VPN 6.4.2.1580

Windows 10 Home Version 1903 OS build 18362.720

2927
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.