syu
New Member
July 13, 2015
Question

[SOLVED] (some) SSL VPN Client can not access Internal Server


After several uninstalls, cleanups and reinstalls of FortiClient for Mac, it is working now... Not sure what happened. Maybe the driver was broken?

====

I have an issue which bothers me so much...

I have FortiClient SSL VPN configured on my Mac (latest OS). It works fine accessing the Internet via the FortiGate, but I cannot access the internal server...

For my co-worker running Windows (tested on Windows 8.1 and 10 preview), no issue...

Does the latest FortiClient have limitations on Mac OS?

BTW, I have the full FortiClient installation, registered to the FortiGate VDOM1 LAN interface. The SSL VPN termination is on the root VDOM WAN interface and I am trying to connect to a server located on the root VDOM LAN side.

3 replies

rwpatterson
New Member
July 13, 2015

As a quick test, swap. Have a working account log in with your Mac, while you log in with the Windows box. See if the problem remains (bad software install or configuration) or changes (bad user account setup or firewall policy).

syu (Author)
New Member
July 13, 2015

rwpatterson wrote:

As a quick test, swap. Have a working account log in with your Mac, while you log in with the Windows box. See if the problem remains (bad software install or configuration) or changes (bad user account setup or firewall policy).

Did exactly that just before seeing your post.

I logged in to the SSL VPN from my co-worker's laptop and had no issue.

My co-worker logged in to the SSL VPN from my Mac, still broken...

I guess I will try to reinstall FortiClient on my Mac...

Ralph1973
New Member
July 13, 2015

Do a debug to see where the traffic flows or gets stuck.

Commands like this:

    diag deb reset
    diag debug flow filter proto 1
    diag debug flow filter addr 192.168.10.10
    diag debug flow show cons en
    diag debug enable
    diag debug flow trace start 500

where you replace the address with the address the sslvpn client has obtained.

proto 1 is ICMP traffic, so do a ping to the destination server from the sslvpn client.

Use protocol 6 for other (e.g. TCP) traffic.

Kind regards,

Ralph Willemsen

Arnhem, Netherlands

rwpatterson
New Member
July 13, 2015

I'm a Mac ignoramus, but have set up more than a few with older versions of the SSL VPN software. They went in without a hitch. I'll reiterate that this was back in 4.3.x days, not the newer version 5 chain.

YMMV

syu (Author)
New Member
July 13, 2015

rwpatterson wrote:

I'm a Mac ignoramus, but have set up more than a few with older versions of the SSL VPN software. They went in without a hitch. I'll reiterate that this was back in 4.3.x days, not the newer version 5 chain.

YMMV

I just uninstalled FortiClient and rebooted the Mac. After reinstalling FortiClient (VPN Only), it started working... so either the reboot fixed the issue OR some other component inside FortiClient broke my SSL VPN... Trying to see if I can pinpoint it.

gschmitt
New Member
July 14, 2015

Are both the Windows and the Mac client in the same network when dialing in?

syu (Author)
New Member
July 14, 2015

gschmitt wrote:

Are both the Windows and the Mac client in the same network when dialing in?

Yes, dialing in from the same network or from different networks gave the same result...

gschmitt
New Member
July 14, 2015

syu@abmis.ca wrote:

Yes, dialing in from the same network or from different networks gave the same result...

Hm, could you still give us a

Windows: route print

Mac: netstat -r

list, and the networks they should be able to reach?
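
The routing-table comparison requested in the last post can be scripted. The Python below is an added example, not code from any poster in this thread: it parses macOS `netstat -rn` output and reports which route and interface a given server address would use. The sample table, the `ppp0` tunnel interface name and all addresses are constructed, and it assumes the four-column layout shown and that a destination printed without `/len` has 8 prefix bits per octet shown.

```python
import ipaddress

# Constructed sample of macOS `netstat -rn -f inet` output (not from the thread).
# ppp0 is assumed to be the SSL VPN tunnel interface, en0 the local LAN.
SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en0
10.1.1/24          10.212.134.201     UGSc          ppp0
10.212.134.200     10.212.134.201     UH            ppp0
127                127.0.0.1          UCS            lo0
192.168.1          link#4             UCS            en0
"""

def parse_dest(dest):
    """Expand abbreviated destinations, e.g. '192.168.1' -> 192.168.1.0/24."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        plen = str(8 * len(octets))  # assumption: 8 bits per octet shown
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)

def parse_routes(text):
    """Return (network, gateway, interface) for every IPv4 route line."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] == "Destination":
            continue  # headers and blank lines
        try:
            routes.append((parse_dest(f[0]), f[1], f[3]))
        except ValueError:
            continue  # IPv6 or other non-IPv4 destinations
    return routes

def route_for(text, target):
    """Longest-prefix match; returns (network, gateway, interface) or None."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in parse_routes(text) if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

if __name__ == "__main__":
    for server in ("10.1.1.20", "10.2.2.2"):
        print(server, "->", route_for(SAMPLE, server))
```

If the internal server's address only matches `default` on the LAN interface, the client never received a route for that subnet through the tunnel, and its traffic to the server is not entering the VPN at all.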