mrw
New Member
May 27, 2021
Question

Problem accessing SSL-VPN from one VDOM to another


Hi,

We have a FG1500D that has lots of VDOMs set up for lots of customers. And now we have noticed that if I'm connected to one of these VDOMs I can't connect to another VDOM's SSL-VPN using FortiClient. It just hangs at around 40% then times out. If I put the same computer on a completely external network the same VPN connection works fine.

The VPN connection points to a public IP address.

Any idea on what we need to do to fix this? Or at least how to troubleshoot it?

Thanks in advance,

//Andreas..

    2 replies

    Toshi_Esumi
    SuperUser
    May 27, 2021

    You need to explain a little more than just "lots of VDOMs", including the VDOM topology/how they're supposed to be connected to each other and where the SSL-VPN client is located/connected to in the topology. I'm assuming there is no connection between customer VDOMs. So you must be connecting to a management VDOM or else, which is supposed to have connection to all customer VDOMs.

    mrw (Author)
    New Member
    May 27, 2021

    Thanks for your answer.

    OK, to clarify a bit, most VDOMs are completely separate. We have some specific VDOMs that have inter-VDOM policies enabled on the same firewall but I don't think these are involved here.

    I am sitting on a customer's VDOM (just a laptop on the internal subnet of that VDOM) and am trying to access another customer's VDOM using the SSL VPN that is set up in that VDOM. That SSL-VPN is used for that customer's employees.

    Not sure if that explanation helps?

    Toshi_Esumi
    SuperUser
    May 27, 2021

    Let's say VDOM A is the one your laptop is in, and VDOM B is the SSL-VPN's destination. Then how do VDOM A and B get out to the internet? Via a root VDOM, or do both VDOMs have a separate internet circuit/interface in the VDOMs?

    mrw (Author)
    New Member
    June 1, 2021

    We have solved this now.

    I tested this from different VDOMs both as source and target and came to the conclusion that it is this specific source VDOM that has this issue.

    We noticed that SSL inspection was ON for the outgoing policy and when we disabled SSL inspection the SSL-VPN worked.

    Would be nice to know why that inspection blocked the connection, so that question remains. But the problem is at least solved now.

    Thanks for your help!