Fortinet Training Institute
DANIHOLG
New Contributor

SSL-VPN Secure Connection Failed

Hello,

I'm a novice at using FortiGate and I'm testing out Remote Access using SSL-VPN but I'm having issues when I access the Portal Site (See attachment no. 4). I am attaching the test configurations I have, I must be missing something.

Attachments:
1. SSL-VPN Settings
2. SSL-VPN Portals
3. IPv4 Policy
4. Browser Error

Appreciate your help.
UploadedImages_c6yu2kYOTOGFLWkFI8zW_01_SSL-VPN Settings-T.jpg
UploadedImages_xh1pTxvTbWdsSH3MBwvz_02_SSL-VPN Portals-T.jpg
UploadedImages_jZL09W5LSGGQu2xxrpFu_03_IPv4 Policy-T.jpg
UploadedImages_ENCnwjfLTDSJMIj5WQH0_04_Browser Error-T.jpg
16 REPLIES 16
makco10
Contributor II

Hello,

172.20.120.123 is not a public ip address, you need a public IP address to have access to the SSL-VPN interface from outside your network.

Regards.
Defend Your Enterprise Network With Fortigate Next Generation Firewall
Defend Your Enterprise Network With Fortigate Next Generation Firewall
DANIHOLG

Hi Marcos,

Thanks for your reply.

 I'm using GNS3 VM to simulate , attached is my test topology, will it not work on it?
makco10

Yes, you can use GNS3, I think the PC need to be connected from the 172.20.120.0 LAN to simulate a remote pc. 

Regards.

------------------------------
Defend Your Enterprise Network With Fortigate Next Generation Firewall
------------------------------
Defend Your Enterprise Network With Fortigate Next Generation Firewall
Defend Your Enterprise Network With Fortigate Next Generation Firewall
DANIHOLG

I actually run a route add command on my PC like below

route add 172.20.120.0 mask 255.255.255.0 192.168.150.254

Basically, I am able to manage the Fortigate from my PC. But I don't understand why I get an error when I access the portal site.
MichSara

I think you need to allow internal traffic back to the SSL-VPN Tunnel interface.
add a policy from internal to SS-VPN interface.

UploadedImages_bcFN9MzqTiO4qKFAvCMG_temp-T.jpg
MichSara

Actually I take that back, you wont need that for web access.
Rog_Frei
New Contributor

switch your browser and test again
DANIHOLG

Yeah i tried IE, Firefox and Chrome and nothing worked.
PC
New Contributor III

What URL do you use to mange the FortiGate and which one do you use to get to the SSLVPN? Assuming you are still working on it.