Fortinet Forum
SkinnyMonk
New Contributor

forticlient ssl vpn connected but no byte received

I'm trying to access some sites that are secured through the FortiClient VPN. I'm able to connect to the VPN, but the sites that I want to access are not accessible. Bytes received is 0. I've looked at the log files. The config handler looks like the reason I'm having this behavior. I'm attaching the confighandler log in case anyone can help me correct this.

 

20220114 19:29:42.843 [confighandler:EROR] fctconfig_handler:156 Error occurred while polling. [4]
20220114 19:29:43.442 [confighandler:INFO] fctconfig_handler:212 Closing confighandler endpoint.
20220114 19:29:43.442 [confighandler:INFO] fctconfig_handler:214 Closing sqlite database.
20220114 19:29:43.876 [confighandler.log:INFO] main:61 confighandler daemon exiting.

 

1 REPLY
Somashekara_Hanumant

Hello,

From the above information, I understand that you were able to connect to the SSLVPN but are not able to access the internal sites; correct me if I am wrong.

 

Please check the following:

1) Run the "route print" command in a command prompt on the SSLVPN client and check whether a route is published for your internal web site's IP address. If it is published, try to ping that IP address from the SSLVPN client.

2) At the same time, run the below command on the FortiGate:

diag sniff packet any 'host x.x.x.x and icmp' 4 0 l

(Replace x.x.x.x with your internal web site address)

Also, you can run the below debug commands to check which firewall policy it is hitting:

diag debug reset
diag debug enable
diagnose debug flow filter addr x.x.x.x
diagnose debug flow filter proto 1
diag debug flow show function-name enable
diagnose debug console timestamp enable
diag debug flow trace start 200

 

Regards,

Somu

EMEA Technical Support
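
The route check from step 1 of the reply above, as an added example that is not part of the original posts or of any Fortinet tooling: it parses the IPv4 "Active Routes" rows of "route print" output and reports which interface a destination would use (longest prefix first, then lowest metric). The sample table, the addresses and the VPN_IFACE value are constructed assumptions.

```python
import ipaddress

# Constructed sample of the IPv4 "Active Routes" rows printed by `route print`.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
        10.20.0.0      255.255.0.0     10.212.134.1   10.212.134.200      1
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    281
"""
VPN_IFACE = "10.212.134.200"  # assumed SSL VPN adapter address (constructed)


def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:  # headers, separators, persistent and IPv6 rows
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            ipaddress.ip_address(iface)
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # five columns, but not an IPv4 route row
    return routes


def select_route(routes, target):
    """Pick the route a packet to target would take, or None if none matches."""
    addr = ipaddress.ip_address(target)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    # Longest prefix wins; among equal prefixes the lowest metric wins.
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]))


def uses_vpn(routes, target, vpn_iface=VPN_IFACE):
    """True when traffic to target leaves through the VPN adapter."""
    route = select_route(routes, target)
    return route is not None and route[2] == vpn_iface


if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for ip in ("10.20.5.10", "10.30.5.10"):
        print(ip, "via VPN" if uses_vpn(table, ip) else "NOT via VPN", select_route(table, ip))
```

A destination that only matches the default route through the local adapter, like 10.30.5.10 in the sample, never enters the tunnel, which is consistent with a connected VPN that shows 0 bytes received.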