

If TLS-AES-256-GCM-SHA384 is removed from the list, Windows 11/FortiClient will still be able to establish a TLS 1.3 connection using one of the alternative TLS cipher suites available. Windows 11 uses TLS 1.3 by default for outbound TLS connections, whereas Windows 10 appears to use TLS 1.2 by default. Users are unable to authenticate if they are in a User Group that is configured in an SSL-VPN Authentication/Portal Mapping (also known as authentication-rule in the CLI), but they can successfully authenticate when using the All Other Users/Groups catch-all authentication rule. Recall that tunnel-mode connections were working fine on Windows 10. SSL-VPN tunnel-mode connections via FortiClient fail at 48% on Windows 11 with the error: Credential or SSLVPN configuration is wrong (-7200). An article posted by staff in the Fortinet community describes a potential cause for why SSL-VPN connections may fail on Windows 11 yet work correctly on Windows 10. The SSL VPN connection should now be possible with FortiClient version 6 or later, on Windows Server 2016 or later, and also on Windows 10.

FortiClient SSL-VPN connects successfully on Windows 10 but not on Windows 11. Note: The default Fortinet certificate for SSL VPN was used here, but using a validated certificate won’t make a difference.

Furthermore, the SSL state must be reset: go to the Content tab, under Certificates. Enter the SSL-VPN gateway URL into Add this website to the zone and click Add (the URL here serves as a placeholder). Go to the Security tab in Internet Options, choose Trusted sites, then click the Sites button. Usually, the SSL VPN gateway is the FortiGate on the endpoint side.


If the Reset Internet Explorer settings button does not appear, go to the next step.

Click the Delete personal settings option.

Disable Use TLS 1.0 (no longer supported).

Add website to Trusted sites

Add the SSL-VPN gateway URL to the Trusted sites.

Press the Win+R keys, enter inetcpl.cpl and click OK.

Click the Reset… button.
