Claush_
New Contributor II

VPN SSL with ZONE ISSUE firmware 7.0.5 model 201F

I am using the SSL-VPN tunnel interface (ssl.root) in a zone. But in the vpn ssl configuration it does not detect the policy created using the zone instead of the interface.

There is a document that indicates that this configuration is possible.

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/538358/use-ssl-vpn-interfaces-in-zon...

But I am trying version 7.0.5 and it does not work.


Here is the zone:

[Screenshot: Claush__0-1651055392713.png]


This is the policy:

[Screenshot: Claush__1-1651055455808.png]

But in the SSL settings, the missing policy error appears:

[Screenshot: Claush__2-1651055490588.png]

Has anyone had this problem?

 

4 Replies
seshuganesh
Staff

Hi Team,

 

Yes, we are getting that error, but we are still able to connect to SSL VPN.

Make sure to add the user in the firewall policy's source field along with the IP address.

Could you please check and keep us posted?

Claush_
New Contributor II

Hello,


As you can see, I have the policy with the user group and the IP address that you mention.

[Screenshot: Claush__0-1651159199065.png]

But when I try to connect to the VPN from the right realm (it works if I take it out of the zone), I get this error: "Error: Permission denied".

[Screenshot: Claush__1-1651159808642.png]

I did a packet capture and the traffic arrives correctly, only that for some reason it does not authenticate (I reaffirm: it fails only when it is inside the zone; when I have the policy without the zone, with the SSL interface, it works correctly).

 

I don't know if I have any extra error in my configuration, if you could confirm it, I would be very grateful.

 

seshuganesh
Staff

Hi Team,

 

I have checked again for the web mode as well. It is working both for forticlient and web mode.

Please let me know the firmware version you are using. I will check and keep you posted.

 

Claush_
New Contributor II

Hi,

We are using Fortigate 201F 7.0.5 build0304 (GA).

Here is the SSL config in case you need to look at something specific:

[Screenshot: Claush__0-1651168987584.png]

 
