Fortigate VPN client "Unable to logon to the server. Your username or password may not be properly configured for this connection. (-12)"

vpn fortigate fortinet

Discovered that the problem was that I had special characters in my password. There was never any indication that special characters were not permitted, but sure enough, when I reset the password to something alphanumeric, it works.


Also... if you do not have the Tunnel Mode allowed in the SSL Portal configuration for that particular Portal. As soon as I added it in I could connect with the full SSL VPN client.


http://srvfail.com/common-forticlient-ssl-vpn-errors/

As the error states itself the most common problem is that either the username or the password isn't matching the one of the device.

Other problems might be:

  • the user is not in the correct user group that has VPN access (either the local firewall group or the LDAP server group if you’re using one)
  • there isn't a corresponding firewall policy rule that allows access for the user group to any of the internal networks. You need to have the rule from the wan interface to one of the internal interfaces with action SSL-VPN and select the group of users which will have access, check if your user is in correct group.
  • you might be trying to connect to VPN from the wrong side of the interface (from one of your internal networks or from the network of one of the sites you already have a site to site connection

Related

Reloading New Nginx Configuration With No Downtime
Elastic IP vs EC2 Public Hostname + Route53
What is required to activate cgroups in Linux
Is it possible to exclude empty directories when creating a tar?
Is it possible to have 2 Error Logs per VirtualHost in Apache?
nginx serving alternate location on 404
How can I add an ephemeral disk to an existing EC2 instance?
Ubuntu server 12.04.03 not checking disk partitions on reboot?
Kerberos - Adding a SPN to a Domain User
How to fix sudoers file on virtual machine without root and reboot
syntax error: unknown user 'munin' in statoverride file
Is a subdomain with both A records and NS records valid?