Fortinet Forum
David_P28
New Contributor II

Internet access on VPN SSL with tunnel mode

Hi,

I am using an SSL VPN connection with split tunneling deactivated. I also use a WAN LLB interface.

My problem is that I can access the local network, but I cannot access the Internet. So, I need to create a firewall rule with ssl.root as the incoming interface and my WAN LLB link as the outgoing interface. But in the outgoing interface list, I cannot see my LLB link.

Can you please help me to understand why?

Thank you.

David.

5 REPLIES
boneyard
Valued Contributor

WAN LLB isn't a term anymore in newer FortiOS versions, which one are you using?

 

if it is a newer 5.6+, you are probably looking for the sdwan interface.

 

if not then adding a screenshot might help us understand and point out what you want.

David_P28
New Contributor II

Thank you for your reply,

I know that LLB is not used anymore and was replaced by SD-WAN. And my problem is not with that feature (which works well). I just wanted to know why I cannot select the WAN interface in my policy (ssl.root to WAN) to allow Internet access from SSL connections to the office Internet access.

Do you have an idea?

(the firmware migration is planned)

boneyard
Valued Contributor

my idea is that it is because WAN is a part of the LLB / SD-WAN interface, making it impossible to select part of that interface.

 

a screenshot of your available interfaces would help a lot with pointing it out.

David_P28
New Contributor II

Yes, the WAN interface is a member of the LLB link. But does it mean that I cannot set a policy to allow traffic from the ssl.root interface to the remote WAN?

You can find below 2 screenshots of the available interfaces. If I select Internal, I can choose LLB for the outgoing interface, but if I choose ssl.root, it disappears.

https://postimg.cc/D8RwXz5W

https://postimg.cc/HJgW6Pqd

 

 


boneyard
Valued Contributor

ok, like that, to me that feels like a bug, or some older default behaviour for LLB.

 

this older question says it is an issue in 5.4 which is solved in 5.6

 

https://forum.fortinet.com/tm.aspx?m=150355