Is there a setting that blocks users currently on site to connect to another SSLVPN FortiGate from another site?
Every time I go to this 3rd party location I can never connect to our own VPN. It gets stuck at 10% and says "Unable to establish the VPN connection. The VPN server may be unreachable." They are also using FortiGate.
If I disconnect from their network and connect to the phone hotspot I am able to login to VPN just fine.
Pinging the remote public IP of the remote FortiGate works fine.
hi @welma ,
There is an option under SSL VPN settings to restrict access to specific hosts.
Double check the FGT configuration under the SSL VPN setting > Restrict Access .
What is the choosen option there allow all host or specify hosts ? If specified is the network of that site you are trying to access from included ?
Dear Welma,
Could you please check below:
1)Are you able to ping to FortiGate IP.
2)Are you able to telnet to SSL listening interface on ssl port.
3)If so, Please check if there are any restrictions in source address of ssl vpn settings.
4)Also check if there is any restrictions from source address for the given authentication rule/portal.
Hope this helps!
Hi @welma,
The FortiGate at the 3rd party location might only allow specific services such as HTTPS, DNS, and ICMP. Which port are you using to connect to the SSLVPN?
Regards,
Hello Welma,
It is obvious that there is a network restriction on this 3-rd party location network.
Pinging Fortigate public IP is not enough,
You need to test telnet to Fortigate Public IP/FQDN on VPN port, you can also try the SSL VPN Web mode if you are able to access it.
-BR-
Or just ask whoever manage the FGT at the 3rd party location if your SSL VPN port (like TCP 10443) access is prohibited/blocked.
Toshi
Hello @welma ,
The cause may vary depending on the percentage the negotiation stops at 10%.
Thanks,
Pavan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.