FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dshiraddi
Staff
Staff
Description
This article provides solution if SSL VPN connection failing due to policy deny.
No logs on debug command related to SSL VPN during the issue.
# diag debug reset
# diag debug app sslvpn -1
# diag debug en

Solution
Run debug command to check traffic of SSL VPN.
# diag debug reset
# diag debug flow sh fu en
# diag debug flow filter addr <IP of sslvpn>
# diag debug flow trace start 100
# diag debug en
Getting error on policy deny as below:

id=20085 trace_id=1273 func=fw_local_in_handler line=410 msg="iprope_in_check() check failed on policy 0, drop"
Create specific policy from source interface from where connection getting initiated to Loopback interface.
Go to policy & object -> ipv4 policy and 'Create New'.





Post policy creation user is able to connect on SSL VPN.

Contributors