The 5.2 upgrade materials talk specifically about the combining of VPN routing and user identification rules. I think this is a good thing... HOWEVER... in addition to reviewing the rule-sets make sure you look at the SSL VPN settings as well. I found that everything worked with my upgraded config until I made the first rule change to one of my SSL VPN rules then EVERYTHING broke. I had to go in and reset some things like what interface it listened on, default portal etc.
One very nice part of this is that it seems to evaluate all VPN rules that have user groups in them and concatenate them into a single routing table download. Makes granular access rules much easier.
Yeah, the single SSLVPN page for configuration is a devil in disguise. I broke a lot of things also, mainly with the listen on tab and the default portal entry.
I really do miss the older sslvpn method for pre-5.2.
Is this anything that could cause problems in a 5.0 -> 5.2 upgrade regarding the SSL VPN? Provided no changes are made prior?
We have some telecommute employees that rely primarily on the SSL VPN to access internal systems... can't have them stuck!
As far as I remember last week, I had to make some changes on SSL VPN Settings.
On IPV4 Policy, there were sub-policies on the SSLVPN Policy on 5.0.x; after upgrade these rules have been split into dedicated rules.
2 FGT 100D + FTK200
3 FGT 60E
some FAP 210B/221C/223C/321C/421E
I just have a question:
Is it normal that a client of a VPN SSL (tunnel mode) has an IP address with mask /32?
Because my VPN SSL is configured, the client PC got an IP address on the LAN but with netmask /32. So it can't reach other devices on the LAN (the routing table is falsified).
It's the first time that I have configured an SSL VPN on FortiOS 5.2. I have already configured VPN SSL on FortiOS 4.3 but I have never checked the netmask of a client (it worked correctly).
Thank you very much in advance.
What's your cfg looking like and did you define a unique SSLVPN tunnel range?
If you would have done the latter (I'm assuming you didn't), then your /32 interface would not be relevant towards the LAN subnet.
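The reply above turns on whether the tunnel pool is separate from the LAN. The following is an added example, not posted by anyone in the thread: a small check for a pool that overlaps an internal subnet, plus a simplified model of how a /32 client reaches the LAN through pushed routes. All addresses and function names are constructed for illustration.

```python
import ipaddress

def pool_blocks(first, last):
    """Collapse an inclusive start-end pool into the CIDR blocks that cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def pool_clashes(first, last, internal_subnets):
    """Return (internal_subnet, pool_block) pairs where the pool sits inside
    or across a subnet that already exists behind the firewall."""
    clashes = []
    for subnet in map(ipaddress.ip_network, internal_subnets):
        for block in pool_blocks(first, last):
            if block.overlaps(subnet):
                clashes.append((str(subnet), str(block)))
    return clashes

def tunnel_route_for(client_ip, pushed_routes, destination):
    """Simplified client model: with a /32 nothing but the client itself is
    on-link, so a destination is reached only via the most specific pushed
    route that contains it. Returns that route, "local", or None."""
    dst = ipaddress.ip_address(destination)
    if dst == ipaddress.ip_address(client_ip):
        return "local"
    hits = [n for n in map(ipaddress.ip_network, pushed_routes) if dst in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

# Constructed sample values, not taken from the thread.
LAN = ["192.168.1.0/24"]
CARVED_FROM_LAN = ("192.168.1.200", "192.168.1.210")
DEDICATED_POOL = ("10.99.0.10", "10.99.0.50")

if __name__ == "__main__":
    print("carved pool clashes:", pool_clashes(*CARVED_FROM_LAN, LAN))
    print("dedicated pool clashes:", pool_clashes(*DEDICATED_POOL, LAN))
    print("route to 192.168.1.20:",
          tunnel_route_for("10.99.0.10", LAN, "192.168.1.20"))
    print("route to 192.168.2.5:",
          tunnel_route_for("10.99.0.10", LAN, "192.168.2.5"))
```

A non-empty clash list means the pool was carved out of an existing subnet; with a dedicated pool the /32 is harmless as long as the pushed routes cover the internal networks users need.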