I have 2 VPNs configured in my FortiClient VPN. One of them works fine, but with the other, after it connects, I can't access any server in my network.
I checked that it shows that Received bytes are constantly at 0.
I was using an older version of the client for years until it stopped working for this 2nd VPN, then I updated it to version 7.4.0.1658, but the problem continued.
Can anyone help me understand what the problem is?
Since updating didn’t solve the issue, you might want to check the VPN configuration settings or firewall rules. It could be a problem with the network or VPN profile settings.
Hello,
Check the VPN settings on the FortiGate. Make sure that the user belongs to the correct group and that the group has correct matching policies to allow traffic.
- Also, once connected to the VPN, try running a continuous ping to any server in your network.
- Then, on the FortiGate, run the sniffer:
diag sniffer packet any 'host x.x.x.x and host y.y.y.y' 4 0 l
x.x.x.x --> ip after connecting to vpn
y.y.y.y --> ip address of the server in your network
https://community.fortinet.com/t5/Support-Forum/FortiClient-VPN-bytes-received-0/m-p/294604
Hi @lucas3,
Can you please try to generate some traffic, such as a ping to the internal gateway, and run the following commands on the FortiGate to see if traffic is generated:
diag debug reset
diag debug flow filter addr X.X.X.X (VPN IP)
diag debug flow filter proto 1
diag debug flow show func ena
diag debug flow show ip ena
diag debug flow trace start 999
diag debug ena
Hello @lucas3 ,
It appears that incoming/received traffic may be dropped at some point, potentially on the FortiGate side. Running the commands provided by the previous engineer in the comments should give you a better understanding of the issue.
- Checking the FortiGate's forward logs, filtering by SRC IP (FortiClient assigned IP), to see if the traffic is being 'denied' or 'allowed'.
- Reviewing the routing tables on both the FortiGate and FortiClient's PC, specifically looking for the VPN assigned IP, to ensure proper routing configuration.
Also, please check the FortiClient device's routing table by running the command 'route print', which should show the outgoing traffic as normal.
Additionally, could you confirm whether this user is assigned to a split tunnel or full tunnel SSLVPN portal?
This information will be helpful in further troubleshooting.
Thank you,
Amandeep
Thank you for the help. I'll ask the network team to help me with those tests and I'll update it here.
Sorry for the delay, I finally got an answer. The problem was that my permission was changed, and after they corrected it my VPN started working fine. Thank you all for the help.