Claush_
New Member
April 27, 2022
Solved

VPN SSL with ZONE ISSUE firmware 7.0.5 model 201F

  • April 27, 2022
  • 2 replies
  • 2370 views

I am using the SSL-VPN tunnel interface (ssl.root) in a zone. But in the vpn ssl configuration it does not detect the policy created using the zone instead of the interface.

There is a document that indicates that this configuration is possible.

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/538358/use-ssl-vpn-interfaces-in-zones-7-0-1

But I am trying version 7.0.5 and it does not work.


Here is the zone:

Claush__0-1651055392713.png


This is the policy:

Claush__1-1651055455808.png

But in the SSL settings the missing policy error appears:

Claush__2-1651055490588.png

Has anyone had this problem?

 

Best answer by seshuganesh


seshuganesh
Staff
April 28, 2022

Hi Team,

 

Yes, we are getting that error, but we are still able to connect to SSL VPN.

Make sure to add the user in the firewall policy in the source field along with the IP address.

Could you please check and keep us posted.

Claush_ (Author)
New Member
April 28, 2022

Hello,


As you can see, I have the policy with the user group and the IP address that you mention.

Claush__0-1651159199065.png

but when I try to connect to the vpn from the right realm (it works if I take it out of the zone) I get this error "Error: Permission denied".

Claush__1-1651159808642.png

I did a packet capture and the traffic arrives correctly, only that for some reason it does not authenticate (I reaffirm, only when it is inside the zone it does not work, when I have the policy without the zone with the ssl interface it works correctly).

 

I don't know if I have any extra error in my configuration, if you could confirm it, I would be very grateful.

 

seshuganesh
Staff
April 28, 2022

Hi Team,

 

I have checked again for the web mode as well. It is working both for FortiClient and web mode.

Please let me know the firmware version you are using. I will check and keep you posted.

 

Claush_ (Author)
New Member
April 28, 2022

Hi,

We are using FortiGate 201F 7.0.5 build0304 (GA).

Here is the SSL config in case you need to look at something specific:

Claush__0-1651168987584.png