Full SSL inspection with remote access VPNs

Has anyone here had any success using a client VPN through a FortiGate which is inspecting traffic? I have an example where when connecting using AnyConnect, we get an error “The VPN failed to establish a connection” and “Cisco Secured Client was not able to establish a connection to the specified secure gateway”. If I drop the same exact address in AnyConnect in the same machine’s web browser, it loads just fine with no errors (I see the cert from the FGT and webpage loads). If I add the fqdn to my ssl exemption list, it then works in AnyConnect.

Just wondering if there are ways to get this to work without error to the end user (besides putting hostname in exception list)? Is there any specific query in FAZ I can run to know which SSL connections failed? When I looked in the log in the FGT to the AnyConnect dst, it showed ‘allow’ even though the connection didn’t actually work.
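For reference, this is what the FQDN exemption the question mentions looks like in FortiOS CLI (an added example, not configuration from the thread; the object names, the hostname `vpn.example.com` and the profile name are assumed, and the profile must be the one referenced by the policy that carries the AnyConnect traffic):

```fortios
# Constructed FQDN address object for the AnyConnect gateway (hostname assumed)
config firewall address
    edit "anyconnect-gw-fqdn"
        set type fqdn
        set fqdn "vpn.example.com"
    next
end

# Exempt that object from deep inspection in the custom SSL/SSH profile
# (profile name assumed; clone the built-in deep-inspection profile rather than editing it)
config firewall ssl-ssh-profile
    edit "deep-inspection-custom"
        config ssl-exempt
            edit 1
                set type address
                set address "anyconnect-gw-fqdn"
            next
        end
    next
end
```

The FortiGate must resolve the FQDN to the same address the client connects to, so if the gateway name resolves differently inside and outside, the exemption will not match and the client will still see the re-signed certificate.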

That simply doesn’t work with an AnyConnect connection and probably most other VPNs too.

Your VPN concentrator should be at the edge. You just forward that traffic towards FG and you can inspect it all you want :slight_smile:

Inspect the traffic from the inside of the VPN ASA instead of the outside. The inside of your VPN unit should also pass through a firewall so that your VPN unit is isolated in a DMZ.