Good day,
I have posted about this issue before but have got a bit further so wanted to start where I am.
I am running FortiGate 7.2 with a VPN NOT in Split Tunnel mode authenticating to DUO VPN and LDAP.
The current VPN was setup my someone else who has left the company and trying to create more "VPN - Tunnel All" so that I can give different Web Filters based on users AD group.
I have created the Firewall Rule below with an AD group "VPN-OUT-ITSU" currently disabled below which allows the VPN to connect and filters the Web Traffic correctly but does not allow the user to access local resources which is should.
I have noticed that when I try and connect on the new Firewall Policy via FortiClient VPN the percentage goes to 98% before I have to do the two-factor code, and the old one goes to 45% which is odd.
I cant see what is going wrong and why when I enable the new one and I test I cant get to any resources.
Thanks for any advice and help.
Julian
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Referring here: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-and-two-factor-expiry-timers...
As your are using DUO as MFA for your remote users, the authentication might have timed out before the sslvpn connection got to complete. I would recommend to increase the remoteauthtimeout value from the default 5 seconds to something like 60 seconds.
thanks for the reply, the VPN does connect and I can see it connected in the FortiGate console, it looks like its just not routing traffic to the local LAN.
Hi @julianhaines,
In that case, you can run debug flow to see if traffic is being dropped. Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1731 | |
1099 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.