Meaning he gets the local IP address but he has no internet access.
What can be done to resolve this issue?
This is probably because of using full tunnel and not split tunneling.
Please refer to: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Hi @BusinessUser,
Most likely, you have split tunneling disabled under SSL VPN portal which means all Internet traffic will go through the VPN and you don't have a firewall policy to allow traffic from ssl.root to the wan interface. You have two choices:
1. Enable split tunneling as mentioned by pmeet: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
2. Create a firewall policy to allow traffic from ssl.root to wan interface.
Regards,
Disable split tunnel and a firewall policy should solve your issue.
Firewall policy - ssl - wan
Hi there,
Can you please upload the SSL VPN settings for more information? Did you enable split tunnel or not? If yes, please make sure you have a policy from SSL to Internet. Please refer to this document for more information about split tunnel of SSL VPN: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Regards,
Minh.
I am getting error message: could not enable split tunneling, as policy 5 has "all"
How do I know which is policy 5?
I can deduce it but how do I know which is policy 5?
Hi,
If you want to see the policy ID in the GUI, you have to click the gear on the left side of the column header in the firewall policy page, select the policy ID field there and apply this. Then the GUI will show you the policy ID.
Hi @BusinessUser,
Please refer to this article to find the policy id: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-find-policy-ID/ta-p/250799
Regards,
The concept of split tunnelling involves the ability to route specific traffic through the Firewall, which is why you mentioned specifying addresses in the SSLVPN portal. This is the reason you are unable to set "all" addresses in the policy.
To address this issue, you should disable split tunneling from the SSL VPN portal.
You can find a reference document on this topic here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Ensure the DNS settings on the device are correct. Sometimes, incorrect DNS settings can prevent internet access. Set DNS to automatic or use a reliable DNS server like Google DNS (8.8.8.8 and 8.8.4.4).
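The two conditions discussed in this thread can be checked offline against a configuration backup. The script below is an added example, not code from any poster or from Fortinet: it parses a FortiOS-style config, lists portals with split tunneling disabled, checks for an accept policy from `ssl.root` to a WAN interface, and reports by policy ID any VPN policy whose destination is "all". The interface name `wan1` and the sample config are assumptions.

```python
import shlex

# Constructed FortiOS-style excerpt (not from the thread); all names are assumptions.
SAMPLE = """\
config vpn ssl web portal
    edit "full-access"
        set split-tunneling disable
    next
end
config firewall policy
    edit 5
        set srcintf "ssl.root"
        set dstintf "internal"
        set dstaddr "all"
        set action accept
    next
end
"""

def parse_section(text, header):
    """Return {entry: {key: [values]}} for one top-level 'config <header>' block."""
    entries, current, depth, inside = {}, None, 0, False
    for raw in text.splitlines():
        s = raw.strip()
        if s.startswith("config "):
            depth += 1
            inside = s == "config " + header if depth == 1 else inside
        elif s == "end":
            depth -= 1
        elif inside and depth == 1 and s.startswith("edit "):
            current = entries.setdefault(s[5:].strip('"'), {})
        elif inside and depth == 1 and current is not None and s.startswith("set "):
            key, _, rest = s[4:].partition(" ")
            current[key] = shlex.split(rest)
    return entries

def diagnose(text, vpn_if="ssl.root", wan_ifs=("wan1",)):
    """Full-tunnel portals, VPN-to-WAN accept policies, VPN policies with dstaddr 'all'."""
    portals = parse_section(text, "vpn ssl web portal")
    policies = parse_section(text, "firewall policy")
    vpn = {i: p for i, p in policies.items() if vpn_if in p.get("srcintf", [])}
    return {
        "full_tunnel_portals": sorted(
            n for n, p in portals.items() if p.get("split-tunneling") == ["disable"]),
        "vpn_to_wan": sorted(
            i for i, p in vpn.items() if p.get("action") == ["accept"]
            and set(wan_ifs) & set(p.get("dstintf", []))),
        "vpn_dst_all": sorted(i for i, p in vpn.items() if "all" in p.get("dstaddr", [])),
    }
```

On the sample, `diagnose(SAMPLE)` reports a full-tunnel portal with no VPN-to-WAN policy (the "connected but no internet" case) and names policy 5 as the one with destination "all".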
Copyright 2024 Fortinet, Inc. All Rights Reserved.