Client is able to connect to SSL VPN but has no internet access
Meaning he gets the local IP address but he has no internet access.
What can be done to resolve this issue?
This is probably because of using full tunnel and not split tunneling.
Please refer to: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Hi @BusinessUser,
Most likely, you have split tunneling disabled under SSL VPN portal which means all Internet traffic will go through the VPN and you don't have a firewall policy to allow traffic from ssl.root to the wan interface. You have two choices:
1. Enable split tunneling as mentioned by pmeet: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
2. Create a firewall policy to allow traffic from ssl.root to wan interface.
Regards,
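
Option 2 from the reply above, written out as FortiOS CLI. This is an added example, not part of the original thread; the interface name `wan1`, the group `sslvpn-users`, the portal name `full-access` and the address object `SSLVPN_TUNNEL_ADDR1` are assumptions to be replaced with the names from your own configuration.

```fortios
# Lines starting with "#" are annotations.
# Assumed names: wan1, sslvpn-users, full-access, SSLVPN_TUNNEL_ADDR1.

# 1. Confirm the portal runs in full-tunnel mode (split tunneling disabled),
#    so all client traffic, Internet included, enters the FortiGate.
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling disable
    next
end

# 2. Allow that traffic out: ssl.root -> WAN.
#    The source is limited to the VPN address pool and an authenticated
#    group instead of "all", so only tunnel users match this policy.
config firewall policy
    edit 0
        set name "SSLVPN-to-Internet"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "ALL"
        # NAT is needed because the VPN pool is private address space
        # that has no return route from the Internet.
        set nat enable
        # Log sessions so VPN user egress can be reviewed later.
        set logtraffic all
    next
end

# 3. List the policies with their IDs to check the result.
show firewall policy
```

`edit 0` lets FortiOS assign the next free policy ID. With full tunnel the FortiGate carries and can inspect all client Internet traffic, so security profiles can be attached to this policy as on any other outbound rule.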
Disable split tunnel and a firewall policy should solve your issue.
Firewall policy - ssl - wan
Hi there,
Can you please upload the SSL VPN settings for more information? Did you enable split tunnel or not? If yes, please make sure you have a policy from SSL to Internet. Please refer to this document for more information about split tunnel of SSL VPN: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Regards,
Minh.
I am getting error message: could not enable split tunneling, as policy 5 has "all"
How do I know which is policy 5?
I can deduce it but how do I know which is policy 5?
Hi,
If you want to see the policy ID in the GUI, you have to click the gear on the left side of the column header in the firewall policy page, select the policy ID field there, and apply this. Then the GUI will show you the policy ID.
Hi @BusinessUser,
Please refer to this article to find the policy id: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-find-policy-ID/ta-p/250799
Regards,
The concept of split tunnelling involves the ability to route specific traffic through the Firewall, which is why you mentioned specifying addresses in the SSLVPN portal. This is the reason you are unable to set "all" addresses in the policy.
To address this issue, you should disable split tunneling from the SSL VPN portal.
You can find a reference document on this topic here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Ensure the DNS settings on the device are correct. Sometimes, incorrect DNS settings can prevent internet access. Set DNS to automatic or use a reliable DNS server like Google DNS (8.8.8.8 and 8.8.4.4).
