Change VPN SSL interface
Hi guys.
I have two Fortinets 80C in cluster. I configured the VPN SSL access some time ago on WAN1, it worked fine. Now I need to move the VPN SSL to WAN2, changed in VPN->SSL->Settings ->Listen on interface from WAN1 to WAN2, port 10443, but neither the client nor the web page works. The client stops at 10%. It seems the port 10443 is not listening. Restarted the VPN SSL Daemon to no effect, rebooted both nodes to no effect.
Is there something more I have to change?
Regards
Via CLI, go to:
config vpn ssl settings
config authentication-rule
edit 1
unset source-interface (or set source-interface to the new interface)
next
end
end
Thanks, still not working. True that both auth rules had the old interface; this is a get after I changed to the new one:
FGT80C3911606514 (authentication-rule) # get 1
id : 1
source-interface:
== [ wan2 ]
name: wan2
source-address:
== [ all ]
name: all
source-address-negate: disable
source-address6:
source-address6-negate: disable
users:
groups:
== [ Grupo de usuarios para VPN SSL ]
name: Grupo de usuarios para VPN SSL
portal : RDP por VPN
realm :
client-cert : disable
cipher : any
auth : any
Did you try to unset source-interface?
The interface listened on is set outside the auth rules section:
config vpn ssl settings
set port 443
set source-interface "wan1"
...
This is in FOS v5.2.9
Did you change the policies that the SSLVPN interface uses as well?
Hi guys.
"The interface listened on is set outside the auth rules section"
source-interface:
--More-- == [ wan2 ]
--More-- name: wan2
"Did you change the policies that the SSLVPN interface uses as well?"
Sorry, what do you mean? The only policies are from the ssl.root interface.
Oh sorry, yeah, in the new versions you don't use the external interface in the policy.
Do you have any VIP that uses port 443 on WAN2?
Actually I am using port 10443 for the VPN.