nfonz23
New Member
March 15, 2020
Question

No HTTP or HTTPS when connect to a remote VPN

  • March 15, 2020
  • 2 replies
  • 6458 views

Hi guys,

New to the forum and just started playing with a new FortiGate 60E, which I'm looking to replace our office router with. I have set up the FortiGate and everything is working perfectly besides one issue and a question.

I have set up the IPv4 policies to allow DNS, HTTP and HTTPS, which are working great. The problem starts when I connect to another remote VPN service through the FortiGate. The VPN connects and I can access services on the remote VPN's network, but HTTP and HTTPS stop on my local computer (I can still ping remote addresses, Google etc.). I disconnect the VPN and all is good again. I'm assuming this is a firewall rule I need to tweak? (A picture of my IPv4 policies is attached.) I even enabled the "Allow all" rule I created (for testing) and it still doesn't fix it.

My question also: if I only have 3 rules in IPv4 policies, for DNS, HTTP and HTTPS, shouldn't the VPN I was trying to connect to have failed to connect? I would have thought that it would be blocked by default if I haven't made a rule to allow it?

Thanks!


    ede_pfau
    SuperUser
    March 15, 2020

    I wonder which kind of VPN you are talking about. Certainly, there is no policy connecting your LAN to it. Which is kind of magic.

    Please supply more info on the way your VPN is set up, in general and on the FGT (IPsec, SSLVPN, Windows??).

    lobstercreed
    New Member
    March 15, 2020

    Hi Nathan,

    It seems pretty clear to me that the remote VPN service you're connecting to is SSL-VPN, which runs over HTTPS. This is precisely one of the reasons SSL-VPN became so popular: it works even on networks that only allow basic web traffic.

    As to why you lose the ability to do anything else locally when you connect to this VPN, either:

  • The routes on their side are overlapping with your LAN network, or
  • They're not split-tunneling and are requiring ALL traffic to go through their network. You can check this by doing a traceroute to Google and seeing if it goes directly out your local LAN/WAN or if it goes across their VPN first.

    Hope this helps!  - Daniel
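The two checks Daniel lists (route overlap with the local LAN, and a traceroute whose first hop reveals whether the default route has been hijacked by a full-tunnel VPN) turned into a small script. This is an example added here, not code from the thread; every address is constructed from private and documentation ranges, and the traceroute text is a hand-made sample in Linux traceroute format (the parser also copes with Windows tracert output).

```python
"""Checks for the two causes of 'VPN kills local web traffic' listed above:
(1) routes pushed by the remote VPN overlap the local LAN,
(2) the VPN pushes a default route (no split tunnelling), which shows up
    as a traceroute whose first hop is inside the tunnel, not the LAN gateway.

Added example, not from the forum thread. All addresses and the traceroute
samples below are constructed.
"""
import ipaddress
import re

# --- constructed sample data (hypothetical) --------------------------------
LOCAL_LAN = "192.168.1.0/24"      # office LAN behind the FortiGate
LOCAL_GATEWAY = "192.168.1.1"     # FortiGate LAN interface, the PC's default gateway

PUSHED_ROUTES_SPLIT = ["10.20.0.0/16", "172.16.5.0/24"]  # healthy split tunnel
PUSHED_ROUTES_FULL = ["0.0.0.0/0"]                         # full tunnel
PUSHED_ROUTES_OVERLAP = ["192.168.0.0/16"]                 # swallows the office LAN

TRACE_VIA_LAN = """\
traceroute to google.com (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.512 ms  0.430 ms  0.401 ms
 2  198.51.100.1 (198.51.100.1)  9.104 ms  9.222 ms  9.150 ms
"""

TRACE_VIA_VPN = """\
traceroute to google.com (203.0.113.10), 30 hops max, 60 byte packets
 1  10.20.0.1 (10.20.0.1)  35.218 ms  34.911 ms  35.004 ms
 2  * * *
"""

# --- check 1: pushed routes vs. the local LAN ------------------------------
def is_full_tunnel(pushed_routes):
    """True if the VPN pushes a default route (prefix length 0)."""
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in pushed_routes)

def overlapping_routes(local_lan, pushed_routes):
    """Pushed prefixes that overlap the local LAN. A default route is not
    counted here; is_full_tunnel() reports that case separately."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    hits = []
    for r in pushed_routes:
        net = ipaddress.ip_network(r, strict=False)
        if net.prefixlen > 0 and net.overlaps(lan):
            hits.append(str(net))
    return hits

# --- check 2: where does the first hop of a traceroute go? -----------------
# hop number, then the first dotted quad on the line; matches both
# "1  192.168.1.1 (192.168.1.1)  0.5 ms" and tracert's "1  <1 ms ... 192.168.1.1"
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})")

def first_hop(traceroute_output):
    """IP of hop 1, or None if hop 1 did not answer (* * *)."""
    for line in traceroute_output.splitlines():
        m = HOP_RE.match(line)
        if m and m.group(1) == "1":
            return m.group(2)
    return None

def egress_path(traceroute_output, local_lan, local_gateway):
    """'lan' if hop 1 is the local gateway (or another router on the LAN),
    'vpn' if hop 1 is outside the LAN, i.e. inside the tunnel, else 'unknown'."""
    hop = first_hop(traceroute_output)
    if hop is None:
        return "unknown"
    lan = ipaddress.ip_network(local_lan, strict=False)
    if hop == local_gateway or ipaddress.ip_address(hop) in lan:
        return "lan"
    return "vpn"

def diagnose(local_lan, local_gateway, pushed_routes, traceroute_output):
    """Combine both checks into a list of findings (empty list = nothing found)."""
    findings = []
    for net in overlapping_routes(local_lan, pushed_routes):
        findings.append(f"pushed route {net} overlaps local LAN {local_lan}")
    if is_full_tunnel(pushed_routes):
        findings.append("VPN pushes a default route: no split tunnelling")
    path = egress_path(traceroute_output, local_lan, local_gateway)
    if path == "vpn":
        findings.append(f"traceroute leaves via the tunnel (first hop {first_hop(traceroute_output)})")
    elif path == "unknown":
        findings.append("first hop did not answer; cannot tell where traffic exits")
    return findings

if __name__ == "__main__":
    for label, routes, trace in [("split", PUSHED_ROUTES_SPLIT, TRACE_VIA_LAN),
                                 ("full", PUSHED_ROUTES_FULL, TRACE_VIA_VPN),
                                 ("overlap", PUSHED_ROUTES_OVERLAP, TRACE_VIA_LAN)]:
        print(label, diagnose(LOCAL_LAN, LOCAL_GATEWAY, routes, trace) or ["no issue found"])
```

On a real machine, replace the sample strings with the output of `traceroute 8.8.8.8` (or `tracert` on Windows) and the VPN client's pushed routes (`ip route` / `route print` while connected). A first hop that is neither the gateway nor on the LAN prefix means the default route now points into the tunnel, which is exactly the full-tunnel case Daniel describes.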

    nfonz23
    Author
    New Member
    March 16, 2020

    Thanks for your replies. I don't think it overlaps with their LAN, as the VPN works fine when I take the FortiGate out of our network and put the old router back in place. Same with the split tunneling: if I put the old router back in place (Untangle virtual appliance) everything works fine. Is there a way to capture the traffic going through the FortiGate from my local LAN address, so I can capture at which point it's being blocked/stopping? Also, you were right, the VPN is SSTP (SSL). Thanks!
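The capture the author asks for can be done from the FortiGate CLI with the built-in packet sniffer and the debug flow tracer. The commands below are an added example, not part of the thread; FortiOS 6.x syntax is assumed, 192.168.1.50 is a placeholder for the PC running the SSTP client and 203.0.113.10 a placeholder for the remote VPN server (the lines beginning with `#` are annotations, not commands).

```fortios
# 1) Packet capture on all interfaces for the PC's web traffic. Verbose
#    level 4 prints the interface each packet is seen on, so you can tell
#    whether HTTP/HTTPS from the PC arrives on the LAN port and leaves on the
#    WAN port, or never leaves at all. Count 0 = run until Ctrl-C, 'l' = local
#    timestamps.
diagnose sniffer packet any 'host 192.168.1.50 and (port 80 or port 443)' 4 0 l

#    Once a full-tunnel SSTP session is up, the PC's web traffic is carried
#    inside that session, so on the FortiGate it appears only as TCP/443 to
#    the VPN server. Capture that flow separately to confirm the tunnel itself
#    keeps passing traffic while browsing fails:
diagnose sniffer packet any 'host 192.168.1.50 and host 203.0.113.10' 4 0 l

# 2) Debug flow: for each new session shows the policy it matched, or the
#    reason the packet was dropped (no matching policy, reverse path check,
#    and so on). Filter on the PC's address so the output stays readable.
diagnose debug reset
diagnose debug flow filter addr 192.168.1.50
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
diagnose debug flow trace start 100
diagnose debug enable

#    ... reproduce the problem: connect the VPN and browse to a site ...

# 3) Stop tracing afterwards; debug flow is CPU-heavy and keeps running
#    until told to stop.
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset
```

Run the sniffer first: if the PC's packets to port 80/443 never appear on the LAN interface while the VPN is connected, the FortiGate is not the one dropping them and the cause is on the client side (the tunnel owns the default route, or the pushed routes overlap the LAN), which matches the point Daniel made earlier in the thread. If they do arrive and the debug flow reports a drop, the trace names the reason and the policy involved.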
