Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BusinessUser
Contributor

Created on ‎09-14-2023 05:31 AM

Client is able to connect to SSL VPN but as no internet access

Meaning he gets the local ip address but he has no internet access.

What can be done to resolve this issue?

Labels:
3316
0 Kudos
1 Solution
hbac
Staff
Staff
In response to BusinessUser

Created on ‎09-15-2023 05:54 AM

Hi @BusinessUser

 

Please refer to this article to find the policy id: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-find-policy-ID/ta-p/250799

 

Regard, 

View solution in original post

3220
0 Kudos
9 REPLIES 9
pmeet
Staff
Staff

Created on ‎09-14-2023 05:38 AM

this should be probably because of using of full tunnel and not split tunneling ,

 

Please refer : https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/... 

PATELMM
3308
0 Kudos
hbac
Staff
Staff

Created on ‎09-14-2023 06:22 AM

Hi @BusinessUser,

 

Most likely, you have split tunneling disabled under SSL VPN portal which means all Internet traffic will go through the VPN and you don't have a firewall policy to allow traffic from ssl.root to the wan interface. You have two choices: 
1. Enable split tunneling as mentioned by pmeet: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

2. Create a firewall policy to allow traffic from ssl.root to wan interface. 

 

Regards,

3295
0 Kudos
spoojary
Staff
Staff

Created on ‎09-14-2023 07:15 AM

Disable split tunnel and a firewall policy should sove your issue.

 

Firewall policy - ssl - wan

Siddhanth Poojary
3284
0 Kudos
mle2802
Staff
Staff

Created on ‎09-14-2023 07:25 AM

Hi there,

Can you please upload SSL VPN setting for more information? Did you enable split tunnel or not? If yes please make sure you have a policy from SSL to Internet. Please refer to this document for more information about split tunnel of SSL VPN "https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

Regards,
Minh.

3279
0 Kudos
BusinessUser
Contributor

Created on ‎09-14-2023 08:38 PM

I am getting error message: could not enable split tunneling, as policy 5 has "all"

How do I know which is policy 5? 

I can deduce it but how do I know which is policy 5?

3247
0 Kudos
pbangari
Staff
Staff
In response to BusinessUser

Created on ‎09-15-2023 12:53 AM

Hi, 

If you want to see the policy id in gui you have to click the gear on the left side of the column header in the firewall policy page and select the field policy id there and apply this. Then gui will show you the policy id.

3231
0 Kudos
hbac
Staff
Staff
In response to BusinessUser

Created on ‎09-15-2023 05:54 AM

Hi @BusinessUser

 

Please refer to this article to find the policy id: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-find-policy-ID/ta-p/250799

 

Regard, 

3221
0 Kudos
maulishshah
Staff
Staff
In response to BusinessUser

Created on ‎09-15-2023 06:00 AM

@BusinessUser , 

 

The concept of split tunnelling involves the ability to route specific traffic through the Firewall, which is why you mentioned specifying addresses in the SSLVPN portal. This is the reason you are unable to set "all" addresses in the policy.

 

To address this issue, you should disable split tunneling from the SSL VPN portal.

 

You can find a reference document on this topic here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

Maulish Shah
3218
0 Kudos
KaisonValentino
New Contributor

Created on ‎09-15-2023 06:13 AM Edited on ‎09-18-2023 02:17 AM

Ensure the DNS settings on the device are correct. Sometimes, incorrect DNS settings can prevent internet access. Set DNS to automatic or use a reliable DNS server like Google DNS (8.8.8.8 and 8.8.4.4).

3210
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.