Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mvig
New Contributor

Basic VPN Troubleshooting

The gist of my problem is that I cannot access network resources on multiple laptops (same account) from multiple locations both wired and wireless. I can however connect without issue. On the day this issue began "something" was being done onsite with the phone system and "something" was done with the firewall. 

 

We are a small company and I am the only user of the VPN .  We have no dedicated experts to look in to this so I need to get some idea what to look at to triage this. I've used it for years without issue before this day so I have a real hard time believing it is unrelated.

 

Is there a way I can go about determining what to look at? I suspect its the firewall or some sort of conflict that was introduced with the VoIP "upgrade".

 

Is there anything in the FortiClient diagnostic tool logs that can provide insight or in server side logs?

 

I am a developer and a decent troubleshooter but this is not within my realm of knowledge so I do not know the correct terminology or jargon.

 

Anything would be greatly appreciated.

3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

Well, a quickest way is to ask who made the change on the fGT what he/she did. Otherwise, it's going to be a long time before you can find out what might have done.

First thing to verify is if a route to the destination is in the routing table on the FGT. If so, it's relatively easy to figure out why your access doesn't route. Likely somemthing got changes in the policies. If the route is not there you need to find out how your access can get to it after the FGT.

Make sure your machine has a route for the destination into the tunnel. It could be a default route if it's not split-tunnel.

emnoc
Esteemed Contributor III

if you suspect the firewall changes cause the issue than revert is the logic solution here. Regards, I would at minimum do

 

 

cli diag debug flow

 

and use the   webUI diff for revisions and inspect the changes made.

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
mvig
New Contributor

Thanks. Now that I am on site I can investigate more.

 

Are there any server side logs I can check?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors