Troubleshooting SSL-VPN issues can be meticulous since were including many factors that could be at play here, to better understand the issue, we need to gather good information.
Note: One of the best items you can do off the bat, is have the end user run the Forticlient diagnostic tool that is installed with Forticlient, and have them send the output back to you for review. Have the check their
(Win10) Search and run "FortiClient Diagnostic Tool"
(Win7) Start Menu -> All Programs -> FortiClient -> FortiClient Diagnostic Tool
The What:
- How is the problem exhibited?
- Any error messages?
(Have end user provide any error messages)
The Who:
- All VPN users have issues simultaneously, or do they appear to be random events?
(Everyone on SSL-VPN at the same time?)
- Specific users?
(Have them provide which user account)
- Have them provide the version of FortiClient installed
(For those reporting issues, compare to those not having issues)
- Is each account assigned to an individual user?
(Make sure people arent sharing accounts)
The When:
- Gather example timelines for user claiming issues?
(Have them right down a few times, including the most recent)
- Issue exhibited at consistent intervals, or is it sporadic? Does it happen during peak hours?
(Record if it happens on average after an X amount of time)
- Was it previously reliable?
(How long was it reliable for and when did it stop)
- If it is a disconnect, are they able to reconnect right after?
(Include errors if not)
The Where:
- What ISP are they on?
(If multiple users, are they on similar ISP's?)
- Test from a persons computer experiencing issues.
-> From their source network run winmtr and trace to your assigned ssl-vpn gateway FWDN name or IP
(Normally includes a hostname.mdsremote.com) where "hostname is a unique value)
Recommendations:
- Has the persons home internet been cleared of packet loss or high latency?
-> Remote onto your source client and ping a few public services for a bit and make sure there's no packet loss.
- Check for consistent latency for their home internet
-> run a ping to 1.1.1.1 -t for at least 500 pings and then review results
- Is the person connected wirelessly? Have they tried switching to wired and comparing?
- Has the forticlient been updated to 5.4.4?
-> Please upgrade to at least version 5.4.4. Found at link at bottom of page at https://support.mydigitalshield.com/hc/en-us/articles/115001285763
- Has the FortiClient been fully reinstalled?
-> Remove all components and reinstall from version 5.4.4 from the link above
- Did the FortiClient installation include the FortiClient diagnostic tool? Please run and attach generated output Diagnostic_Result.cab