Posts

Showing posts from August, 2021

SSL VPN Debug

It is very important to go through the debug logs when there is an issue with SSL VPN. I have tried here to break down the debug output so we can understand the flow of the VPN and figure out the exact issue.

1st step: FortiGate (FW) and the client establish the SSL tunnel.
It checks the client cert requirement and the TLS version supported by the client.
At the end of this flow, you can see the TLS version and cipher used.
IMP: If you are facing any issue at this stage, verify the TLS version, ciphers and client cert requirement.

2nd step: It matches the authentication rule and checks the user credentials.
It validates the authentication rule (if you have more than one auth rule, it uses a top-to-bottom approach).
You can see "authentication successful" at the end.
IMP: If an issue occurs at this stage, verify the auth rule and credentials.

3rd step: In this step, it does hostcheck (hostcheck is basically checking whether the system supports the specified OS, reg...

Backup your fortigate

It is critical to take a backup before upgrading or making any configuration changes.

You should take the following backups:
Configuration file
Local certificates

Why should I take a certificate backup?
Because the unique SSL inspection CA and server certificates that are generated by your FortiGate by default are not saved in a system backup.

Where can I save the backup?
Local PC, USB key, FTP, and TFTP server.

What if I have VDOMs?
If you have VDOMs, you can back up the configuration of the entire FortiGate or only a specific VDOM.

How to back up?
Click on the user name in the upper right-hand corner of the screen and select Configuration > Backup.
Direct the backup to your Local PC or to a USB Disk. The USB Disk option will not be available if no USB drive is inserted in the USB port.
If VDOMs are enabled, you can collect a specific VDOM backup or the entire configuration.
Encryption. Encryption must ...