shamilsystems
New Member
September 21, 2016
Question

SSL VPN with WLLB

  • 1 reply
  • 13115 views
Hi,

I tried to create a virtual-wan-link (WLLB) with 3 WAN links such as WAN1, WAN2, VLAN500 (port 16). I created a default route with WLLB as well. When the default route is WLLB, the issues are as below:

1) SSLVPN can connect but there is no route from the SSLVPN address range to LOCAL-LAN. So there is no communication between SSLVPN users and the internal LOCAL-LAN.

2) A group of devices in the LAN couldn't connect to the internet when assigning any outgoing interface individually other than "wan-load-balance".

Look forward to your response and support soon. Thank you.

Regards,
Shamil


    Somashekara_Hanumant
    Staff & Editor
    September 22, 2016

    Hi Shamil,

     

    For the first question:

     

    > Have you mentioned the Local LAN address on the SSLVPN firewall policy as the destination address, and also, on the respective SSLVPN portal, have you selected the same network under 'Routing Address'?

     

    Kindly provide the below command output from SSLVPN client (at the command prompt) after connecting the SSLVPN

     

    route print

     

    From the FortiGate CLI kindly provide the below command output

     

    get router info routing-table all

    get router info routing-table detail

     

    For the second question:

     

    When you are reproducing the issue, kindly collect the packets from the below command and then try to access www.fortinet.com from one of the affected LAN users

     

    diag debug reset
    diag debug enable
    diagnose debug flow filter addr x.x.x.x
    diagnose debug flow filter port 80
    diag debug flow show console enable
    diag debug flow show function-name enable
    diag debug flow trace start 200

     

    (where x.x.x.x is a www.fortinet.com IP address)

     

    After initiating the above commands on the SSH session, try to browse fortinet.com

     

    Regards,

    Somu

    shamilsystems
    New Member
    September 23, 2016

    Dear Somu,

    I have attached the log here.

     

    But for the 2nd one, I didn't get which address is to be there in x.x.x.x (is it the host IP or the fortinet.com IP address?):

     

    "diagnose debug flow filter addr x.x.x.x (where x.x.x.x is a www.fortinet.com IP address)"

     

    Please clarify this for me. Thank you.

     

    Shamil