Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jdiaz
New Contributor

Connected to VPN, cannot access servers.

Hello,

 

I need some help with this issue. I have a user who is working remotely and connecting to the Forticlient VPN software. She is able to log in just fine however she cannot access our server drives or our exchange server. However, when I log in at my location I am able to access the drives just fine.

 

Could anyone help me pinpoint the issue. I'm not an expert in this area by any means but I am the only one available to help.

 

Thank you.

5 REPLIES 5
orani
Contributor II

You have to check the group that the user account is. And you have to make tow policies for accepting this kind of traffic (vpn-->server and server-->vpn)

Orestis Nikolaidis

Network Engineer/IT Administrator

Orestis Nikolaidis Network Engineer/IT Administrator
tdragon
New Contributor II

Configuration screen shot is needed to address this issue ,than kyou

TecnetRuss

Here's what I'd recommend you do first to try to pinpoint the problem:

 

Assuming the FortiClient device successfully connects and you have access to it, and assuming that your VPN to LAN IPv4 policies are configured to allow ping/ICMP and your servers are configured to respond to ping, try to ping the server by short name (e.g. ping exchangeserver1), full name/FQDN (e.g. ping exchangeserver1.domain.local) and by internal IP address (e.g. ping 192.168.1.111).

[ul]
  • If none of the above work, you've likely got a missing or misconfigured VPN to LAN interface IPv4 policy.  Check to make sure that the source and destination address objects are correct and that the right user/group object that includes the VPN user who is having trouble is in the source column of the policy.
  • If the IP ping works but the short name and full name/FQDN pings don't work, then it's likely your policies are correct but you've got a DNS problem.  Check that you have your internal DNS configured properly in your VPN settings.  In a Windows AD domain environment these usually point to your domain controller's IP addresses.  If the DNS servers are set properly it's also possible that you don't have a VPN to LAN policy configured to allow DNS traffic (service) to your DNS Server IP addresses, so DNS lookups are getting dropped.
  • If the full name/FQDN ping works but the short name ping doesn't, your drive mappings may be using short names and the VPN configuration is likely missing your internal domain DNS suffix.  Two options:[ul]
  • Set the DNS suffix in your VPN config - see my post here https://forum.fortinet.com/tm.aspx?tree=true&m=184557&mpage=1
  • Change your drive mappings from \\server\share to \\server.domain.local\share.[/ul][/ul]

    These are the most common misconfigurations that I run into.  It's odd though that you say it works for you but not another worker.  If none of the above help then I'd start looking deeper into what is different about your configuration compared to hers (VPN group membership, FortiClient version, OS configuration, etc.).

     

    Russ

    NSE7

  • WLiech

    Not helpful at all

     

    mahesh_pm
    New Contributor II

    hi,

    if you trying to access windows server please check the windows firewall status.

    also check whether any antivirus firewall dropping the VPN subnet.

     

    Regards

    Mahesh

    Labels
    Top Kudoed Authors