At this point, I think something is not entirely clear to me :(
I’ll try to provide more details about the scenario and the issue:
1. This is the Dialup VPN (client to Fortigate), and it was working before the implementation of SD-WAN.
FG60E (test) # show
config vpn ipsec phase1-interface
edit "test"
set type dynamic
set interface "wan2"
set mode aggressive
set peertype any
set net-device disable
set mode-cfg enable
set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
set comments "VPN: test (creato da VPN wizard)"
set wizard-type dialup-forticlient
set xauthtype auto
set authusrgrp "VPN"
set ipv4-start-ip 192.168.50.1
set ipv4-end-ip 192.168.50.100
set dns-mode auto
set ipv4-split-include "test_split"
set save-password enable
set psksecret ENC ad0bNv/0orBzifHsTD4rOuf0r
next
end
-----------------
The related fw policy
FG60E # config firewall policy
FG60E (policy) # edit "10"
FG60E (10) # show
config firewall policy
edit 10
set name "vpn_test_remote_0"
set uuid 58e626b8-beeb-51ef-4616-54ea6336f9cc
set srcintf "test"
set dstintf "internal"
set action accept
set srcaddr "test_range"
set dstaddr "Company_network"
set schedule "always"
set service "ALL"
set nat enable
set comments "VPN: test (Created by VPN wizard)"
next
end
2. SD-WAN configuration
FG60E # config system sdwan
FG60E (sdwan) # config service
FG60E- (service) # edit "1"
FG60E (1) # show
config service
edit 1
set name "SDWAN-RULE"
set mode priority
set dst "all"
set src "all"
set health-check "SDWAN_SLA"
set link-cost-factor outbandwidth
set priority-members 2 1
set priority-zone "SD-WAN-Zone"
next
end
Now, if I try to connect to the Fortigate using FortiClient, nothing happens, and no traffic is logged (even with debug enabled)
If I try to configure a VPN within the SD-WAN, only the Site-to-Site option is available
So, what do I need to do to make FortiClient and IPsec VPN work with SD-WAN?
TNX
