julianhaines
Explorer II
December 4, 2023
Question

FortiGate VPN

  • 1 reply
  • 1520 views

Good day,

I have posted about this issue before but have got a bit further so wanted to start where I am.

I am running FortiGate 7.2 with a VPN NOT in Split Tunnel mode authenticating to DUO VPN and LDAP.

The current VPN was set up by someone else who has left the company, and I am trying to create more "VPN - Tunnel All" so that I can give different Web Filters based on users' AD groups.

I have created the Firewall Rule below with an AD group "VPN-OUT-ITSU", currently disabled below, which allows the VPN to connect and filters the Web Traffic correctly but does not allow the user to access local resources, which it should.

I have noticed that when I try to connect on the new Firewall Policy via FortiClient VPN, the percentage goes to 98% before I have to do the two-factor code, and on the old one it goes to 45%, which is odd.

I can't see what is going wrong, and why, when I enable the new one and test, I can't get to any resources.

Thanks for any advice and help.

Julian

[Attachment: FortiGate 041223.png]

1 reply

jiahoong112
Staff
December 4, 2023

Referring here: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-and-two-factor-expiry-timers/ta-p/191661

As you are using DUO as MFA for your remote users, the authentication might have timed out before the sslvpn connection got to complete. I would recommend increasing the remoteauthtimeout value from the default 5 seconds to something like 60 seconds.

julianhaines
Explorer II
December 4, 2023

Thanks for the reply. The VPN does connect and I can see it connected in the FortiGate console; it looks like it's just not routing traffic to the local LAN.

hbac
Staff
December 4, 2023

Hi @julianhaines,

In that case, you can run debug flow to see if traffic is being dropped. Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connectivity/ta-p/192560

Regards,
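A FortiOS CLI session that puts the two replies together, added here as an example and not taken from either reply or from Fortinet: the remoteauthtimeout change suggested in the first reply, followed by a debug flow trace of one SSL VPN client's traffic towards a LAN host, as suggested in the second. The client address 10.212.134.200 and the LAN host 192.168.1.10 are constructed placeholders; substitute the addresses from your own setup.

```fortios
# Reply 1: give the Duo RADIUS/LDAP round trip more time before the
# remote authentication attempt is abandoned (default is 5 seconds).
config system global
    set remoteauthtimeout 60
end

# Reply 2: trace packets from one connected VPN client (constructed
# address 10.212.134.200) to one LAN host (constructed address 192.168.1.10)
# and show which policy lookup accepts or drops them.
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter saddr 10.212.134.200
diagnose debug flow filter daddr 192.168.1.10
diagnose debug console timestamp enable
diagnose debug flow show iprope enable
diagnose debug flow trace start 20
diagnose debug enable

# Now ping 192.168.1.10 from the connected FortiClient, read the trace
# output on the console, then stop the trace and clear the filter.
diagnose debug disable
diagnose debug reset
```

In the trace output, a drop reported as "Denied by forward policy check (policy 0)" typically means no firewall policy matched traffic from the SSL VPN interface to the LAN, while a "reverse path check fail" message points at routing rather than policy.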