Description | This article describes how to troubleshoot on the FortiGate when the 'Poll Active Directory Server' external connector shows as down on the FortiGate firewall. |
Scope | FortiGate. |
Solution |
External connector down over an IPsec VPN with a FortiGate firewall at both ends:
Step 2: Take the debug output below with the specific destination port, or the default port 445:
diagnose sniffer packet any "port 445" 4 0 a
Take the packet capture while the external connector initiates a connection to the AD server, and check which source IP the traffic is leaving with. If the traffic is leaving with a different source IP than expected, set the correct source IP address on the external connector from the CLI:
config user fsso-polling
    edit <id>
        set status enable
    next
end
Or:
config system interface
    edit <ipsec-tunnel-interface>      <- the IPsec tunnel interface name
        set ip <source-ip> <netmask>   <- the source IP address the poll should use
    next
end
Then try to connect the external connector again; it will work.
diagnose debug reset
diagnose debug enable
Verify the firewall policies for the IPsec tunnel in both directions (IPsec to LAN and LAN to IPsec), checking both the inbound and the outbound policy. Check whether the source IP address of the outgoing traffic is included in the policy; once it is added to the policy, the external connector will work.
Now try to connect again from the external connector, and it will work. |
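As an added example (not part of the article), a small Python parser for the sniffer output from the command above: it reports which source IP the outbound port-445 traffic towards the AD server actually uses per egress interface, and flags any source that is not the one the remote policy expects. The line format, interface names and IP addresses are constructed approximations, not a capture from a real device.

```python
import re
from collections import Counter

# One FortiGate sniffer line at verbosity 4 with absolute timestamps (constructed
# approximation): "<date> <time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <flags>".
SNIFFER_LINE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s*(?P<flags>.*)$"
)

def parse_sniffer(text):
    """Yield one dict per parsable packet line; header lines like 'filters=[...]' are skipped."""
    for line in text.splitlines():
        m = SNIFFER_LINE.match(line.strip())
        if m:
            yield m.groupdict()

def poll_sources(text, ad_server, port=445):
    """Count (egress interface, source IP) pairs for outbound packets to the AD server on the port."""
    counts = Counter()
    for p in parse_sniffer(text):
        if p["dir"] == "out" and p["dst"] == ad_server and int(p["dport"]) == port:
            counts[(p["iface"], p["src"])] += 1
    return counts

def check_source(text, ad_server, expected_src, port=445):
    """Return (ok, unexpected): ok is True only if every outbound poll used expected_src."""
    unexpected = sorted(k for k in poll_sources(text, ad_server, port) if k[1] != expected_src)
    return (not unexpected, unexpected)

# Constructed sample capture: two poll attempts leave the tunnel "to-hq" with 10.0.0.2,
# which the remote policy does not allow; a later attempt leaves with the intended 192.168.10.1.
SAMPLE = """\
interfaces=[any]
filters=[port 445]
2024-05-01 10:00:00.000001 to-hq out 10.0.0.2.50001 -> 10.10.10.5.445: syn 1001
2024-05-01 10:00:01.000002 to-hq out 10.0.0.2.50001 -> 10.10.10.5.445: syn 1001
2024-05-01 10:00:02.000003 port1 in 10.10.10.5.445 -> 192.168.10.1.50002: syn 2002 ack 1002
2024-05-01 10:00:03.000004 to-hq out 192.168.10.1.50002 -> 10.10.10.5.445: syn 1001
"""

if __name__ == "__main__":
    ok, bad = check_source(SAMPLE, "10.10.10.5", "192.168.10.1")
    print("source IP matches the connector" if ok else f"unexpected sources: {bad}")
```

Paste the real sniffer output into `SAMPLE` (or read it from a file) and set `ad_server` and `expected_src` to the AD server and the source IP configured on the tunnel interface.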
Copyright 2024 Fortinet, Inc. All Rights Reserved.