Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
julianhaines
New Contributor III

Created on ‎12-04-2023 03:43 AM Edited on ‎12-04-2023 03:56 AM

FortiGate VPN

Good day,

 

I have posted about this issue before but have got a bit further so wanted to start where I am.

 

I am running FortiGate 7.2 with a VPN NOT in Split Tunnel mode authenticating to DUO VPN and LDAP.

 

The current VPN was setup my someone else who has left the company and trying to create more "VPN - Tunnel All" so that I can give different Web Filters based on users AD group.

 

I have created the Firewall Rule below with an AD group "VPN-OUT-ITSU" currently disabled below which allows the VPN to connect and filters the Web Traffic correctly but does not allow the user to access local resources which is should.

 

I have noticed that when I try and connect on the new Firewall Policy via FortiClient VPN the percentage goes to 98% before I have to do the two-factor code, and the old one goes to 45% which is odd.

 

I cant see what is going wrong and why when I enable the new one and I test I cant get to any resources.

 

Thanks for any advice and help.

Julian

 

 

FortiGate 041223.png

Labels:
745
0 Kudos
3 REPLIES 3
jiahoong112
Staff
Staff

Created on ‎12-04-2023 03:56 AM

Referring here: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-and-two-factor-expiry-timers... 

As your are using DUO as MFA for your remote users, the authentication might have timed out before the sslvpn connection got to complete. I would recommend to increase the remoteauthtimeout value from the default 5 seconds to something like 60 seconds.

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
735
0 Kudos
julianhaines
New Contributor III
In response to jiahoong112

Created on ‎12-04-2023 04:07 AM

thanks for the reply, the VPN does connect and I can see it connected in the FortiGate console, it looks like its just not routing traffic to the local LAN.

727
0 Kudos
hbac
Staff
Staff
In response to julianhaines

Created on ‎12-04-2023 10:51 AM

Hi @julianhaines,

 

In that case, you can run debug flow to see if traffic is being dropped. Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Regards, 

696
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.