adogra
New Member
October 10, 2017
Solved

Allow External web URL to be accessible for SSL VPN user.

  • October 10, 2017
  • 1 reply
  • 17028 views

Hi Guys,

Just wondering: if I want to allow an external web service hosted by a third-party vendor to be reached by SSL VPN users, what steps do I need to follow? That external web service URL is only accessible from our private company network because it is bound to our external public-facing IP, I guess done by the vendor. But it needs to be accessible to our SSL VPN users as part of a test.

Firewall model: FortiGate 200D (Master), HA mode

Operation mode: NAT

Inspection mode: proxy-based

SSL VPN tunnel

Firmware: v5.4.3

Cheers!

Thanks

Atul

    Best answer by emnoc

    1: You need a firewall policy that allows the SSL VPN pool assignment and the services HTTP/HTTPS.

    2: The source interface will be ssl.root (ssl.<vdomname>).

    3: Use the CLI command diag debug flow to analyze, and you will see the problem(s).

    4: Alternatively, you could define an explicit proxy and have the clients use it.


    1 reply

    MikePruett
    New Member
    October 12, 2017

    You will want to remove split tunnel SSL VPN (make it so that all traffic, both interesting (internal network) and non-interesting (users' internet traffic), goes through your firewall via the SSL VPN) so that your users will show your organization's public IP when surfing the net and in turn will be allowed to access the vendor's site.
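    To make emnoc's steps 1 to 3 and Mike's split-tunnel point concrete, here is an added example configuration for FortiOS 5.4; it is not from either poster or from Fortinet documentation. The egress interface name wan1, the address object vendor-web with its placeholder IP 203.0.113.10, and the portal name full-access are assumptions; SSLVPN_TUNNEL_ADDR1 is the default SSL VPN tunnel address pool object, and ssl.root is the SSL VPN interface in the root VDOM as emnoc states. Lines starting with # are annotations, not CLI input.

```fortios
# Added example, FortiOS 5.4 CLI. Assumed names: wan1 (egress interface),
# vendor-web (address object for the vendor host, placeholder IP 203.0.113.10),
# full-access (the SSL VPN portal). SSLVPN_TUNNEL_ADDR1 is the default
# SSL VPN tunnel address pool. Lines starting with # are annotations.

# Address object for the vendor's public web server (placeholder IP).
config firewall address
    edit "vendor-web"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# Steps 1 and 2: policy from the SSL VPN interface to the WAN interface.
# Source is the tunnel address pool; destination is only the vendor host,
# not "all". NAT is enabled so the vendor sees the FortiGate's public IP,
# which is what its IP-based access restriction expects. Logging is on so
# the test can be verified in the forward traffic log.
config firewall policy
    edit 0
        set name "sslvpn-to-vendor-web"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "vendor-web"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set nat enable
        set logtraffic all
    next
end

# Mike's point: with split tunneling disabled, all client traffic (the vendor
# host included) is routed into the tunnel and can match the policy above.
config vpn ssl web portal
    edit "full-access"
        set split-tunneling disable
    next
end

# Step 3: trace one VPN client's HTTPS attempt to the vendor host and read
# which policy id (if any) the session matched and where it was dropped.
diagnose debug flow filter addr 203.0.113.10
diagnose debug flow filter port 443
diagnose debug flow show console enable
diagnose debug flow show function-name enable
diagnose debug enable
diagnose debug flow trace start 20
# ... reproduce from the VPN client's browser, then stop the trace:
diagnose debug flow trace stop
diagnose debug disable
```

    If the portal has to keep split tunneling enabled, the vendor address must instead be added to that portal's split-tunneling-routing-address list; otherwise the client sends that traffic out its local internet connection, the vendor sees the user's home IP, and the browser fails while an RDP session to an internal host still works (the internal host egresses from the company network regardless). In the debug flow output, a session that never reaches the vendor will show a drop at the forward policy check, which points back to the policy or routing rather than to the portal.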

    adogra (Author)
    New Member
    October 15, 2017
    Mike, thanks for the solution. But it's already off, split tunneling. FYI, there are a few SSL VPN portals and only the "full access" portal has split tunneling on. I turned that off for a test but still no luck. Not sure how long I need to wait for reconnection to SSL VPN after a change in the firewall tunneling mode? Though, that external URL is accessible via RDP over SSL VPN. But it is not accessible directly from the client/laptop web browser that is connected through the FortiClient VPN client. Which seems certainly an issue with the SSL VPN policy or static routing. Thanks