Hi Guys,
Just wondering: if I want to allow an external web service hosted by a third-party vendor to SSL_VPN users, what steps do I need to follow? That external web service URL is only accessible from our private company network, due to external public-facing IP binding done by the vendor, I guess. But it needs to be accessible to our SSLVPN users as part of a test.
Firewall model: Fortigate200D(Master) HA mode
Operation Mode : NAT
Inspection Mode: proxy-based
SSL VPN tunnel
firm: v5.4.3
cheers!
Thanks
Atul
You will want to remove split tunnel SSL VPN (make it so that all traffic, both interesting (internal network) and non-interesting (users' internet traffic), goes through your firewall via the SSL VPN) so that your users will show your organization's public IP when surfing the net and in turn will be allowed to access the vendor's site.
Mike Pruett
1: you need a firewall policy that allows the SSLVPN pool assignment and service HTTP/HTTPS
2: the source interface will be the ssl.root ( ssl.<vdomname> )
3: use the CLI cmd diag debug flow to analyze and you will see the problem(s)
4: alternatively, you could define an explicit proxy and have the clients use it.
PCNSE
NSE
StrongSwan
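
The two replies above, sketched as FortiOS CLI (an added example, not configuration posted by anyone in the thread). The portal name "full-access", WAN port "wan1", user group "SSLVPN_USERS", address object "SSLVPN_TUNNEL_ADDR1" and the address 203.0.113.10 are assumptions to be replaced with the local values.

```fortios
# Added illustration. Assumed names: portal "full-access", WAN port "wan1",
# group "SSLVPN_USERS", pool address object "SSLVPN_TUNNEL_ADDR1".

# Send all client traffic through the tunnel (no split tunnel)
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling disable
    next
end

# Allow the SSL VPN pool out on HTTP/HTTPS, source-NATed to the WAN IP
config firewall policy
    edit 0
        set name "sslvpn-to-vendor"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set groups "SSLVPN_USERS"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set nat enable
    next
end

# Trace a test connection; 203.0.113.10 is a placeholder for the vendor's IP
diagnose debug reset
diagnose debug flow filter addr 203.0.113.10
diagnose debug flow show console enable
diagnose debug flow trace start 20
diagnose debug enable
# ... reproduce the connection from a VPN client, then stop the trace:
diagnose debug disable
```

Where only the vendor site needs to be reached through the tunnel, an address object for the vendor in place of "all" as dstaddr keeps the policy narrower.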
Thanks guys. It's resolved now. The issue was with our SSL VPN IPv4 policy static routing, where it didn't have our WAN IP added.
cheers