Credential or ssl vpn configuration is wrong 7200 что за ошибка forti client

Tutorials Howto Workaround DevOps Code

Credential or ssl vpn configuration is wrong

FortiClient Error: Credential or ssl vpn configuration is wrong (-7200)

When trying to start an SSL VPN connection on a Windows 10, Windows Server 2016 or 2019 with the FortiClient, it may be that the error message “Credential or ssl vpn configuration is wrong (-7200)” appears. The reason to drop connection to the endpoint during initializing caused by the encryption, which can be found in the settings of the Internet options.

Another symptom can be determined, the SSL-VPN connection and authentication are successfully established, but remote devices cannot be reached, and ICMP replies are also missing and result in a timeout.

How to solve ssl vpn failure

According to Fortinet support, the settings are taken from the Internet options. The Internet Options of the Control Panel can be opened via Internet Explorer (IE), or by calling inetcpl.cpl directly.

Press the Win + R keys enter inetcpl.cpl and click OK.

Select the Advanced tab

Click the Reset… button. If the Reset Internet Explorer settings button does not appear, go to the next step.

Click the Delete personal settings option

Click Reset

Open Internet Options again.

Go back to Advanced tab

Disable use TLS 1.0 (no longer supported)

Add website to Trusted sites

Add the SSL-VPN gateway URL to the Trusted sites. Usually, the SSL VPN gateway is the FortiGate on the endpoint side.

Go to the Security tab in Internet Options and choose Trusted sites then click the button Sites. Insert the SSL-VPN gateway URL into Add this website to the zone and click Add, here like https://sslvpn_gateway:10443 as placeholder.

Note: The default Fortinet certificate for SSL VPN was used here, but using a validated certificate won’t make a difference.

Furthermore, the SSL state must be reset, go to tab Content under Certificates. Click the Clear SSL state button.

The SSL VPN connection should now be possible with the FortiClient version 6 or later, on Windows Server 2016 or later, also on Windows 10.

Don’t get success yet ?

If you haven’t had any success up to this point, don’t despair now, there is more help available, may the following is the case!

If you may use an FortiClient 7 on Windows 10 or Windows 11, then create a new local user on the FortiGate and add it to the SSL-VPN group.

Add the user to the SSLVPN group assigned in the SSL VPN settings.

Try to verify the credentails using the web mode, for this in SSL-VPN Portals the Web Mode must my enabled.

Note that the group with the affected user is assigned under SSL-VPN Settings at Authentication/Portal Mapping.

Try to authenticate the vpn connection with this user.

It worked here with this attempt, but I haven’t yet been able to successfully carry out the authentication via LDAP server,

If your attempt was more successful and you know more ? please let us know and post your comment!

How useful was this post?

Click on a star to rate it!

Average rating 4.1 / 5. Vote count: 24

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Источник

Fortinet Community

• Subscribe to RSS Feed
• Mark as New
• Mark as Read
• Bookmark
• Subscribe
• Printer Friendly Page
• Report Inappropriate Content

Created on ‎12-31-2021 01:08 AM Edited on ‎06-06-2022 11:44 AM By Anonymous

Technical Tip: Credential or SSL-VPN configuration is wrong (-7200) Radius user

SSL VPN tunnel mode is enabled in the firewall and the radius users are imported to the FortiGate.

So it is necessary to make sure the actual radius user name and the user imported in the Fortigate must be the same, if not we would get’ credential or ssl vpn configuration is wrong (-7200)’ error.

Check the below-mentioned output.

# config user loca
edit «test»
set status enable
set type radius

Since the username in firewall and radius is the same authentication is success and two factor worked.

Post entering the Token.It worked.

Now by mistake, if the radius user is saved with a different user name then VPN will not work.

# config user local
edit «Test»
set status enable
set type radius

Trying to connect the VPN but it is not working.

it is because of the case sensitive, and post making the below mentioned changes the VPN is connected.

# config user local
edit «Test»
set status enable
set type radius
set username-case-sensitivity
end

Источник

Fortinet Community

• Subscribe to RSS Feed
• Mark Topic as New
• Mark Topic as Read
• Float this Topic for Current User
• Bookmark
• Subscribe
• Mute
• Printer Friendly Page

Created on ‎03-03-2021 11:55 AM

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

I use Forticlient 6.4 and I am trying to connect to My customer’s network through a SSLVPN

But when I try to establish connection, I get «Credential or ssl vpn configuration is wrong (-7200)»

I can guarantee I have the correct credentials :

— If I go to the web portal, Authentication is OK (but it’s not usable for tunneling since my customer enforces the usage of Forticlient)

— If I use it with the same credentials on another computer, all goes OK

The only thing is, I have to use it on my EC2 instance for some reasons

Here are the logs got fom forticlient (with some useless informations replaced by ‘Xs’)

03/03/2021 19:44:24 error sslvpn date=2021-03-03 time=19:44:23 logver=1 type=securityevent subtype=sslvpn eventtype=error level=error uid=759C8992AA59472092B77212ADC83DE3 devid=FCT8000490583038 hostname=IP-0A8F0277 pcdomain=N/A deviceip=10.143.2.119 devicemac=XX-XX-XX-XX-XX-de site=N/A fctver=6.4.3.1608 fgtserial=FCT8000490583038 emsserial=N/A os=»Microsoft Windows Server 2016 Datacenter Edition, 64-bit (build 17763)» user=Administrator msg=»SSLVPN tunnel connection failed» vpnstate= vpntunnel=XXXXX vpnuser=XXXXXXXXXXXX remotegw=XXX.XXX.XXX.XXX

On the router side, the error is seen as a «bad password» error

I suspect something on the network interface configuration, but I have to admit I have exhausted all my ideas.

Источник

Fortinet Community

• Subscribe to RSS Feed
• Mark Topic as New
• Mark Topic as Read
• Float this Topic for Current User
• Bookmark
• Subscribe
• Mute
• Printer Friendly Page

Created on ‎01-27-2021 07:33 AM

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

We have VPN configured that users authenticate with LDAP (the same user and password as in Active Directory)

This error message pops when one trying to log in to VPN, the temporary solution is to reset the AD password and then the user can log in to VPN,

I’ve looked through the forums, but didn’t find any solution

Created on ‎01-28-2021 05:54 AM

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

With nearly no config info, this is bordering on a Looking Glass session.

Please post the VPN config, the type of VPN configured, and the client’s config — only the relevant parts, no PSKs or public IPs please.

«Kernel panic: Aiee, killing interrupt handler!»

Created on ‎01-28-2021 02:25 PM

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

Sorry for the question, can you guide me what info and from where can I provide? thank you

Created on ‎02-24-2021 06:08 AM

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

I’ve got the logs from user if it helps:

2/24/2021 3:56:29 PM error sslvpn date=2021-02-24 time=15:56:28 logver=1 type=event subtype=sslvpn eventtype=error level=error uid=C68680C1B28843D5942B67A0BCC0C687 devid=FCT8002021467391 hostname=XXXXXXXXX pcdomain=N/A deviceip=10.100.102.10 devicemac=18-26-49-2e-16-9d site=N/A fctver=6.4.2.1580 fgtserial=FCT8002021467391 emsserial=N/A os=»Microsoft Windows 10 Professional Edition, 64-bit (build 19041)» user=Roy msg=»SSLVPN tunnel connection failed» vpnstate= vpntunnel=Office vpnuser=XXXX remotegw=XXXXXXXXXXX

Источник

Fortinet Community

• Subscribe to RSS Feed
• Mark Topic as New
• Mark Topic as Read
• Float this Topic for Current User
• Bookmark
• Subscribe
• Mute
• Printer Friendly Page

Created on ‎03-03-2021 11:55 AM

• Mark as New
• Bookmark
• Subscribe
• Mute
• Subscribe to RSS Feed
• Permalink
• Print
• Report Inappropriate Content

I use Forticlient 6.4 and I am trying to connect to My customer’s network through a SSLVPN

But when I try to establish connection, I get «Credential or ssl vpn configuration is wrong (-7200)»

I can guarantee I have the correct credentials :

— If I go to the web portal, Authentication is OK (but it’s not usable for tunneling since my customer enforces the usage of Forticlient)

— If I use it with the same credentials on another computer, all goes OK

The only thing is, I have to use it on my EC2 instance for some reasons

Here are the logs got fom forticlient (with some useless informations replaced by ‘Xs’)

03/03/2021 19:44:24 error sslvpn date=2021-03-03 time=19:44:23 logver=1 type=securityevent subtype=sslvpn eventtype=error level=error uid=759C8992AA59472092B77212ADC83DE3 devid=FCT8000490583038 hostname=IP-0A8F0277 pcdomain=N/A deviceip=10.143.2.119 devicemac=XX-XX-XX-XX-XX-de site=N/A fctver=6.4.3.1608 fgtserial=FCT8000490583038 emsserial=N/A os=»Microsoft Windows Server 2016 Datacenter Edition, 64-bit (build 17763)» user=Administrator msg=»SSLVPN tunnel connection failed» vpnstate= vpntunnel=XXXXX vpnuser=XXXXXXXXXXXX remotegw=XXX.XXX.XXX.XXX

On the router side, the error is seen as a «bad password» error

I suspect something on the network interface configuration, but I have to admit I have exhausted all my ideas.

Источник