FortiClient SSL-VPL Failed


Failed to establish the VPN connection. This may be caused by a mismatch in the TLS version. Please check the TLS version settings in the Advanced of the Internet options. (-5029)

With FortiClient, establishment of an SSL-VPN connection to the FortiGate can output the following warning.




fortinetThe now outdated cryptographic protocol TLS 1.0 is no longer activated by default as of FortiOS 6.0. It is recommended to use at least TLS 1.1 (Cipher Suites) for authentication and data encryption. We are currently on TLS 1.3 which has been approved by the IETF (Internet Engineering Task Force).


If you want to continue to use older clients that are only ready for use later with TLS 1.2 or higher in the course of a migration via update rollout, TLS 1.0 can be activated on the FortiGate.

Check the current TLS setting from the FortiGate Console with CLI Command:

Activate in the CLI the Cipher Suite TLS 1.0.

The TLS version of the Microsoft Windows snap-in (inetcpl) Internet option can also be adapted for the client.

Hit the key Win + R and enter inetcpl.cpl


In the property window Eigenschaften von Internet – Erweitert, activate TLS Version 1.0, 1.1 and 1.2.


More Solution

With older Windows versions, or with routers with PPPoE Internet connection, errors when establishing SSL-VPN connections can be eliminated as follows.

It appears the FortiClient error message:

Unable to establish the VPN connection. The VPN server may be unreachable (-5)

To do this, check the MTU size of the network interfaces with the following command from an open command prompt

The output might look something like this:

Check the MTU size and adjust to 1400 if necessary. In a command prompt opened as an administrator, with running netsh.

Alternatively, call Regedit and navigate to the following key.

under the appropriate interface with the appropriate IP address, here {222e135b-d09c-47a3-9236-63a041a02ea6} change the key MTU with the value 578 hexadecimal.


After restarting the computer, the SSL-VPN connection can be established.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Reply

Your email address will not be published. Required fields are marked *