Morning all!
We're standing up a new location with a FortiGate 50E (current version v5.4.1, build1064). All seems pretty good so far with multiple VLANs, guest network, etc. While working on setting up the IPSec tunnels to other offices, I thought I could use our existing software VPN client that connects to our main data center.
When I am on our "corporate" WLAN network of the new office, I can connect with the VPN client and everything works except DNS - I have to do everything by IP or add entries to the local HOSTS file. As long as I use the IP address, file shares, email, RDP, etc. all work.
When I jump over to one of our Guest WLANs (everything open) and connect with the VPN client, name resolution works correctly. Makes me think I'm still blocking something needed on the "corporate" policy.
On the policy from corporate VLAN to outbound WAN, I have open for services:
I'm sure it's something obvious...what am I missing on the corporate side?
Thanks in advance!
Edit: Well, it may not be the FortiGate. Getting a port unreachable message in Wireshark when attempting to ping from my laptop (connected via the SSL client) to a server on the same network as the SSL server. Based on that it would appear to be something on the receiving end, even though I've turned off the firewall on that server (the AD/DNS server as indicated by Wireshark) to test. It seems to be intermittent now - every now and then I'll get a response - the name resolves and successfully pings - but most of the time I get no response (and port blocked in Wireshark).
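A small probe, added here as an example and not part of the original thread, that sends one A query straight to the AD/DNS server over the tunnel and reports which of the three outcomes described above occurred: an answer, a silent timeout (the packet was dropped somewhere on the path, which is what a firewall policy does), or an ICMP port unreachable (the packet reached the host but nothing accepted it). The server address, the name and the sample reply are constructed placeholders.

```python
import socket
import struct
QID = 0x1234  # constructed transaction id, reused by the sample reply below

def build_dns_query(name: str, qid: int = QID) -> bytes:
    # header: RD set, one question; then labelled name, QTYPE=A, QCLASS=IN
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(buf: bytes, off: int) -> int:
    # advance past a label sequence or a 2-byte compression pointer
    while buf[off] != 0:
        if buf[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + buf[off]
    return off + 1

def parse_a_records(resp: bytes, qid: int = QID):
    # returns (rcode, [IPv4 strings]); a reply with a foreign id is not ours
    rid, flags, qd, an = struct.unpack_from("!HHHH", resp, 0)
    if rid != qid:
        raise ValueError("transaction id mismatch")
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(resp, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", resp, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return flags & 0xF, addrs

def probe_dns(server: str, name: str, timeout: float = 2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((server, 53))  # connected UDP surfaces ICMP unreachable as an error
            sock.send(build_dns_query(name))
            resp = sock.recv(512)
        except (ConnectionRefusedError, ConnectionResetError):  # Linux / Windows flavours
            return "port-unreachable", []  # packet reached the host, nothing accepted it
        except socket.timeout:
            return "timeout", []  # silently dropped on the path, e.g. by a firewall policy
    rcode, addrs = parse_a_records(resp)
    return ("answer" if rcode == 0 else f"rcode-{rcode}"), addrs

def sample_response() -> bytes:
    # constructed reply to build_dns_query("dc1.corp.example"): one A record, 10.0.0.5
    header = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("10.0.0.5")
    return header + build_dns_query("dc1.corp.example")[12:] + answer
```

Run `probe_dns("<dns-server-ip>", "dc1.corp.example")` from the laptop on each WLAN; a "timeout" on corporate and an "answer" on guest points at the policy, while "port-unreachable" on both points at the server side, which matches the Wireshark observation above.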