SSL VPN via FortiClient connects but traffic does not pass

  • 13 November 2018
  • 6 replies
  • 1122 views

I'm using a FortiClient linked to my firewall with the correct settings, and from wireless it works fine across the board, but using only T-Mobile's network I am able to log in with my username and password, but I can't pass traffic, for example ping to something in the firewall's network.

I know that T-Mobile is IPv6 and my provider is handing off IPv4, but it should jump from the carrier to the end point with no problems. I'm thinking it's the application I'm using, either the ping app (I've tried many) or the FortiClient itself. Does anyone have any ideas how to get this to work?

I am using the latest version of FortiClient and 5.4.6 firmware on a FortiGate VM64 firewall.


6 replies


I'm not 100% sure how this program would work on devices we carry or on our network. Sorry my friend, I wish I could give more advice, but this is really outside the scope of support T-Mobile provides. We can leave this discussion open in case some other folks come along and have some helpful suggestions.

OK, I'll be opening a ticket with Fortinet to see if they know of the FortiClient having a fix or known issue on this.

Recap: SSL VPN client (FortiClient) does not work using LTE data on the T-Mobile network; it connects but traffic does not pass.

Hi mightymitch, I run into the same problem; did you get a solution from Fortinet?

Thanks in advance

Berry

I'm still trying to get some time together in order for them to look at it.

After working with Fortinet I have been able to confirm through debugging that the traffic can be seen going to the firewall from the phone while connected on LTE only, and return traffic comes back through the firewall, but no matter which application for ping is used, it does not actually reach the phone on the return path. I used the same applications that work across other networks like Verizon/ATT. I have confirmed up to this point that the problem lies with either the FortiClient smartphone application or the T-Mobile network. I have changed phones, I have changed software versions, I have upgraded/downgraded the FortiClient.

I wouldn't be surprised if T-Mobile was sniffing the traffic/watching/scanning it before sending it back, which would explain the weird behavior I am getting. Has anyone else found a legitimate VPN application that actually works across the T-Mobile network on LTE only? I will not be revisiting this to troubleshoot anymore.

Are you just looking for VPN protection or are you trying to connect to someplace specific?

For general protection there are many that work just fine. To connect to my home I use OpenVPN and it works great.
