Contributor
October 5, 2006
Question

Netbios through SSL-VPN

Hi all,

I can't succeed in making network browsing work through SSL-VPN. All I'm able to do is connect to shared resources with IP addresses. If I try to connect to a resource \\server\shared_folder, the host answers it cannot find the path to this resource, just as if the host couldn't find the master browser in the LAN. Same thing if I try to browse the network. I put a WINS server and an internal DNS server in the SSL-VPN advanced configuration but without any success.

A few details:

  • The remote user is logged locally.
  • FortiOS is V3MR2.
  • The domain reached is a Windows 2000 Active Directory.
  • Policy is any/any/ssl-vpn.

In web-mode, the bookmarks created only work if the destination server is written with its IP address (i.e. //192.168.0.1/shared/). Bookmarks with server names (like //server/shared/) don't work. Same thing with tunnel-mode. The only way I found to make this work (in tunnel-mode) is to add the server's name in the client's hosts file.

Does someone have the clue? And is there a clue?

Thanks for any answer,
Best regards,
Vincent MAZARD
DML France
www.dml.fr

    3 replies

    rwpatterson
    New Member
    October 5, 2006
    This appears to be a DNS issue. I had the same issue. I had to force all traffic via SSL VPNs through the tunnel, to force the use of our DNS servers (turned off split tunneling). The tricky part is creating a rule from port 2 to port 2 (Internet to Internet) so that the tunnel traffic can see the Internet. I then gave this strange rule limited Internet capability, and told my users, when they're connected, don't browse! Get over it. They should be in the network to do work anyway. Disconnect, browse, then reconnect. It takes 5 seconds to get the tunnel back up. -Bob
    Contributor
    October 5, 2006
    Thanks for your answer. Unfortunately this doesn't solve my problem: split-tunnelling is off and the remote clients do use the internal DNS servers. And this isn't sufficient for the clients to discover the network. Even a "net view \\some_internal_machine" doesn't work. Thanks anyway. I tried to add "netbios-forward enable" and "wins-ip n.n.n.n" without success (on both internal and external interfaces). Vincent
    rwpatterson
    New Member
    October 5, 2006
    Also, have you added the 'WINFRAME' protocol to the appropriate service group? This is Fortigate's version of Samba. Actually, now that I recall, I had to jump through hoops to get that to work. Let me dig through my config, and get you an answer.
    Contributor
    October 6, 2006
    I found the answer for the tunnel mode: The fortissl DUN connection doesn't include the "Windows network client" and "file and print sharing" components. I wonder why these modules are not checked by default??? (a bug?) Just check them both in the fortissl configuration and reconnect to be able to browse the internal network. For web-mode, the bookmarks with server names instead of IP addresses still don't work... Investigating further. VM
    rwpatterson
    New Member
    October 6, 2006
    I stand corrected. I crossed two different service groups when I was transferring info. WINFRAME is not needed here (and it is Citrix, not SAMBA). We only use tunnel mode here, not web mode. My users take the respective clients home and install them there. (Not with licensed software though). They connect directly to the servers over the SSL VPN.