anignan
Staff
Article Id 287659
Description This article describes why SSL VPN does not work when FortiGate is operating in policy-based NGFW mode.
Scope FortiGate.
Solution

When FortiGate is operating in policy-based NGFW mode, SSL VPN may not work even though it is configured under SSL VPN settings and a security policy allows the traffic. A packet sniffer shows that the TCP three-way handshake does not complete, and sslvpnd is not running:

[Screenshot: syn failing.PNG]

In policy-based NGFW mode, an SSL inspection policy for the SSL VPN traffic is also required under Policy & Objects -> SSL Inspection & Authentication; otherwise, sslvpnd will not start.

[Screenshot: policy2.PNG]
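
As an added example (not from the original article or from Fortinet), the Python sketch below checks a FortiGate configuration backup for the condition described above: policy-based NGFW mode with no enabled SSL Inspection & Authentication policy sourced from the SSL VPN tunnel interface. It assumes the root-VDOM tunnel interface name `ssl.root`, that these policies are stored under `config firewall policy`, and that a source-interface match is a sufficient coverage test; the sample configurations are constructed.

```python
import shlex

def parse_fortios(text):
    """Map each top-level 'config <path>' to {entry id: {key: [values]}}.
    Settings outside any 'edit' (e.g. system settings) are stored under entry ""."""
    tree, path, entry, depth = {}, None, "", 0
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                path, entry = " ".join(tok[1:]), ""
                tree.setdefault(path, {})
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = tok[1]
        elif depth == 1 and tok[0] == "set":
            tree[path].setdefault(entry, {})[tok[1]] = tok[2:]
    return tree

def sslvpn_inspection_gap(text, sslvpn_intf="ssl.root"):
    """True when the VDOM is policy-based and no enabled 'config firewall policy'
    entry (assumed to hold SSL Inspection & Authentication) has the SSL VPN
    interface, or "any", as a source interface."""
    tree = parse_fortios(text)
    mode = tree.get("system settings", {}).get("", {}).get("ngfw-mode", ["profile-based"])
    if mode != ["policy-based"]:
        return False  # profile-based mode is outside the scope of this check
    for pol in tree.get("firewall policy", {}).values():
        enabled = pol.get("status") != ["disable"]
        if enabled and {sslvpn_intf, "any"} & set(pol.get("srcintf", [])):
            return False
    return True

# Constructed samples: a security policy alone, then with the inspection policy added.
BROKEN = '''config system settings
    set ngfw-mode policy-based
end
config firewall security-policy
    edit 1
        set srcintf "ssl.root"
    next
end
'''
FIXED = BROKEN + '''config firewall policy
    edit 1
        set srcintf "ssl.root"
        set ssl-ssh-profile "certificate-inspection"
    next
end
'''
print(sslvpn_inspection_gap(BROKEN), sslvpn_inspection_gap(FIXED))
```
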

Related document:

Profile-based NGFW vs policy-based NGFW
