tyrsofrage
New Member
October 31, 2024
Solved

SSL VPN to VLAN implicit deny

I've been trying at this for a while and can't wrap my head around the problem.

I'm trying to go from SSL VPN to vlan100.

FortiGate sees vlan100 in the routing table.

It has a firewall policy allowing it.

Yet the policy match tool and debug show it going to the implicit deny policy.

What else am I missing?

2 replies

tyrsofrage
New Member
October 31, 2024

debug output

pminarik
Staff
Best answer
October 31, 2024

The policy demands an authenticated user - are they listed in the table of authed users?

> diag firewall auth list

=> find the username, check if it has the right IP

tyrsofrage
New Member
October 31, 2024

Thanks! That led me down the right path.

I ran that command and saw the right user listed, but it said it was in a user group. The GUI didn't show that user in any group. I matched the group mentioned in the CLI to the user in the GUI and it worked. Kinda odd.