Forcepoint VPN Client connection issues

If you experience connection issues, there are several troubleshooting processes to follow.

Mobile VPNs are only supported in policy-based VPNs.

If NAT is used and the configuration download succeeds, but the Forcepoint VPN Client cannot connect to the VPN Gateway, follow these troubleshooting steps:
  1. If NAT is done between the Forcepoint VPN Client and the Firewall, set the Contact Address for interfaces that are used as a VPN endpoint. The Contact Address tells the VPN clients the external NATed address they must contact.
  2. Refresh the Firewall Policy and make sure the Forcepoint VPN Client downloads a new configuration from the engine.

If NAT is configured to translate the Forcepoint VPN Client address, but NAT is not done, check the following:
  • In the VPN properties, make sure that the "Apply NAT to traffic that uses this VPN" option is selected. NAT is only done if the option is selected.
  • Make sure that the NAT rules are correct. Usually, NAT is performed using the NAT Pool address range defined for the Firewall element in the VPN > Advanced branch in the Engine Editor. The same traffic must not match any of the NAT rules in the Firewall’s policy. The only exception is a rule that specifically defines that no NAT is performed on this traffic to prevent subsequent NAT rules from matching.
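
The rule-ordering check from the last item, as an added example (not Forcepoint code): it reports the first translating NAT rule that VPN client traffic would hit instead of the NAT Pool. The ordered rule list is a simplified model assumed here, not an SMC export format, and the rule names and addresses are constructed.

```python
from ipaddress import ip_network

# Simplified rule model (an assumption, not an SMC export format):
# (name, source CIDR, destination CIDR, action), evaluated top-down.
# action is "nat" (translate) or "no-nat" (explicitly do not translate).

def find_nat_conflict(rules, client_net, dest_net):
    """Return the name of the first policy NAT rule that would translate
    VPN client traffic, or None if no policy rule takes it first."""
    client, dest = ip_network(client_net), ip_network(dest_net)
    for name, src, dst, action in rules:
        r_src, r_dst = ip_network(src), ip_network(dst)
        if not (r_src.overlaps(client) and r_dst.overlaps(dest)):
            continue  # rule does not touch this traffic
        if action == "no-nat":
            # Only a no-NAT rule covering all of the traffic shields it
            # from the rules below; a partial one leaves a remainder.
            if client.subnet_of(r_src) and dest.subnet_of(r_dst):
                return None
            continue
        return name  # a translating rule matches first: conflict
    return None

# Constructed sample policies; names and addresses are illustrative.
CLIENTS, INTERNAL = "10.99.0.0/24", "192.168.10.0/24"
MASQ = ("outbound-masquerade", "10.0.0.0/8", "0.0.0.0/0", "nat")
BROKEN = [MASQ]                                             # catch-all rule wins
FIXED = [("vpn-no-nat", CLIENTS, INTERNAL, "no-nat"), MASQ]  # exception on top
PARTIAL = [("vpn-no-nat-half", "10.99.0.0/25", INTERNAL, "no-nat"), MASQ]

if __name__ == "__main__":
    for label, policy in (("broken", BROKEN), ("fixed", FIXED),
                          ("partial", PARTIAL)):
        print(label, find_nat_conflict(policy, CLIENTS, INTERNAL))
```

A non-None result names the rule to move below an explicit no-NAT rule or to narrow so that it no longer covers the VPN client addresses.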

For any general problems:
  • Make sure that the Forcepoint VPN Client version is up to date. Older clients might have known issues that prevent correct operation and might not support all features configured for the gateway.
  • Check for any VPN-capable devices between the Firewall/VPN device and the Forcepoint VPN Client. These devices can sometimes attempt to take part in the VPN negotiations.
  • Check the Firewall logs for information about mobile VPN connections.