Christian_89
Contributor III
May 24, 2022
Question

Fortigate SSLVPN TEAM


Hi, everyone

I have the following problem.
FortiVM02 customer arrives in a full tunnel with SSLVPN.
If the customer has video conferences via Teams, this does not work. Teams breaks down.
In the office without SSLVPN it is not a problem.
I have SIP ALG disabled.
Have any of you experienced this yourself or know where the dog is buried?

Greeting

Christian

7 replies

jintrah_FTNT
Staff
May 25, 2022

Hi,

Did you mean that all traffic from the client would reach the FortiGate (i.e., no split tunneling used)? If so, is there a policy from the SSL interface to the WAN interface? And if there is, does it have any security profiles?

Best regards,

Jin

Christian_89
Contributor III
May 25, 2022

Hello Jin, I set up a full tunnel. I have no security profile active on the SSLVPN -> WAN rule.

Contributor
May 25, 2022

Hello,

Are you using SDWAN? If you are, can you create a rule with a single interface only for the SSL VPN users and check?

Regards,

Christian_89
Contributor III
May 25, 2022

Hello Vsahu 
I don't use SDWAN.

Contributor
May 25, 2022

Hello,

Can you create a new policy on top of the existing one for the SSL VPN Teams access? Use Internet Service as the destination and add Microsoft-Skype_Teams. Disable all the UTM and check the behavior.

Christian_89
Contributor III
May 26, 2022

Hi Vsahu

I configured the rule to any.
Isn't that the same as configuring the Internet Service?

I have now created a rule with the Internet Service.

Greeting

Christian

Contributor
May 26, 2022

Hello Christian,

If you had the policy with All as the destination, it should not cause any issues with the respective traffic, but it's sometimes better to segregate the services which are having the issue and check the behavior; that's why I suggested the same.

alif
Staff
May 26, 2022

Hi Christian,

If your company allows it, you can also enable split tunneling. In this way, only the LAN traffic will traverse the SSL VPN, while the Internet traffic will go via the local Internet of the connected user.

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/307303/ssl-vpn-split-tunnel-for-remote-user

seshuganesh
Staff
May 26, 2022

Hi Team,

SIP ALG is not related to Microsoft Teams.

If you experience a Teams call issue with SSL VPN, that could be because of a bandwidth issue.

Can you create an interface widget for the WAN interface?

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/496187/fortiview-application-bandwidth-widget

You can use this article and check for the interface bandwidth widget.

Also, can you check if there is any DoS policy configured for the firewall?

Christian_89
Contributor III
May 26, 2022

Hi

Thank you very much for your info.

Regarding FortiView, I will enable it.
Can I see somewhere if it would be a bandwidth problem?
As far as I've seen so far, the bandwidth according to Interface Bandwidth is never fully utilized.

seshuganesh
Staff
May 27, 2022

Please check if you have DoS protection configured in the firewall.

It would impact Microsoft and Zoom traffic, which will generate a heavy UDP flood.