SSL VPN Error:Permission denied

Welcome to the forums. What version were you using prior to the upgrade?

First: 3.00,build0415,070625 Second:build0482 And now the latest one, and it is not working anymore.

The problem is, sometimes it is working for 1 day Policy settings are ok, I checked it with the Fortinet manual mr6p2

Sorry guys, not to hijack the this thread, but i am having a issue with this too. OS 3.0- MR6p2 Have you found where the problem was with this. Thanks in advance Sammy

I' ve been having this same issue with all versions of FortiOS 3.0 for the past 6 months now, currently on MR6 Patch 1. It' s extremely frustrating to have this feature and never have been able to use it. Is there a solution other than switch vendors?

hello, No indication from fortinet on the fix of this MR6 - P2 there is a bug - SSL VPN' s do not work with P2 - my advise if you don' t need the Vista support that MR6 allows then stick with MR5 - P5. Cheers

Thanks for that info. But that doesn' t explain why it works for some and not others... Anyone from Fortinet out there? Are you guys planning on fixing this or do I have to use Sonicwall SSL VPN appliance? [>:]

If it' s still needed... here' s what I did to get the SSL VPN working with MR6 Build 668 (p2). My VPN' s were working fine with MR5 Patch 5, but memory management was awful... that' s why I upgraded. I didn' t have to change the SSL VPN config or the User Group config, AND, I left the orignal policy for SSL VPN access: SRC: WAN1 - Addr: all --> DST: Internal - Addr: Internal_Network - Action SSL VPN - Added my user group to the Allowed: groups * note... the source address should be set to " all" not your SSL-VPN address range BUT... you need to add two more policies and a static route: New Policy 1... SRC: internal - addr: Internal_Network --> DST: ssl.root - addr: all - Action: Any New Policy 2... SRC: ssl.root - addr: all --> DST: internal - addr: Internal_Network - Action: ANY Static Route... Destination IP/Mask: <SSL-VPN IP addy range>/24 (your range and subnet) Device: ssl.root I have tested this on 3 of the 250+ firewalls I support (they are a mix FGT-50A, FGT-60, FGT-50B and FGT-60B) and it works great. MR6 Patch 2 works well too. The ssl.root port gives you the ability to route SSL-VPN traffic through IPSec VPN' s and vice versa... but I haven' t tested that yet. Hope that helps... Bradley PS... there is an SSL-VPN client in the MR7 download folder on the FTP site. It works with Windows, Linux and Mac. But only the Windows client will work with MR5, MR6 & Mr7. The Linux and Mac client only works with MR7.