Skip to main content
mvig
mvig
New Member
July 28, 2018
Question

Basic VPN Troubleshooting

  • July 28, 2018
  • 1 reply
  • 3971 views

The gist of my problem is that I cannot access network resources on multiple laptops (same account) from multiple locations both wired and wireless. I can however connect without issue. On the day this issue began "something" was being done onsite with the phone system and "something" was done with the firewall. 

 

We are a small company and I am the only user of the VPN .  We have no dedicated experts to look in to this so I need to get some idea what to look at to triage this. I've used it for years without issue before this day so I have a real hard time believing it is unrelated.

 

Is there a way I can go about determining what to look at? I suspect its the firewall or some sort of conflict that was introduced with the VoIP "upgrade".

 

Is there anything in the FortiClient diagnostic tool logs that can provide insight or in server side logs?

 

I am a developer and a decent troubleshooter but this is not within my realm of knowledge so I do not know the correct terminology or jargon.

 

Anything would be greatly appreciated.

    1 reply

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    July 29, 2018

    Well, a quickest way is to ask who made the change on the fGT what he/she did. Otherwise, it's going to be a long time before you can find out what might have done.

    First thing to verify is if a route to the destination is in the routing table on the FGT. If so, it's relatively easy to figure out why your access doesn't route. Likely somemthing got changes in the policies. If the route is not there you need to find out how your access can get to it after the FGT.

    Make sure your machine has a route for the destination into the tunnel. It could be a default route if it's not split-tunnel.

    emnoc
    emnoc
    New Member
    July 29, 2018

    if you suspect the firewall changes cause the issue than revert is the logic solution here. Regards, I would at minimum do

     

     

    cli diag debug flow

     

    and use the   webUI diff for revisions and inspect the changes made.

     

    Ken

    mvig
    mvigAuthor
    New Member
    August 2, 2018

    Thanks. Now that I am on site I can investigate more.

     

    Are there any server side logs I can check?

    Terms & ConditionsAccessibility statement