Troubleshooting SSL-VPN issues can be time consuming since were including many factors that could be at play here, to better understand the issue, we need to gather good information.
The What:
- How is the problem exhibited?
- Any error messages?
(Have end user provide any error messages)
The Who:
- All VPN users have issues simultaneously, or do they appear to be random events?
(Everyone on SSL-VPN at the same time?)
- Specific users?
(Provide which user account)
- Is each account assigned to an individual user?
(Make sure people aren't sharing accounts)
The When:
- All day or only certain hours?
(Have them right down a few times, including the most recent)
- Issue exhibited at consistent intervals, or is it sporadic? Does it happen during peak hours?
(Record if it happens on average after an X amount of time)
- Was it previously reliable?
(How long was it reliable for and when did it stop)
- If it is a disconnect, are they able to reconnect right after?
(Include errors if not)
The Where:
- What ISP are they on?
(If multiple users, are they on similar ISP's?)
- Test from a persons computer experiencing issues.
-> From their source network run winmtr and trace to your assigned ssl-vpn gateway FWDN name or IP
(Normally includes a hostname.mdsremote.com) where "hostname is a unique value)
Recommendations:
- Has the persons home internet been cleared of packet loss or high latency?
-> Remote onto your source client and ping a few public services for a bit and make sure there's no packet loss.
- Check for consistent latency for their home internet
-> run a "ping 1.1.1.1 -t" for at least 500 pings and then review results
- Is the person connected wirelessly? Have they tried switching to wired and comparing?
- Has the forticlient been updated?
https://www.forticlient.com/downloads
- Has the FortiClient been fully reinstalled?