Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Christian_89
Contributor III

Created on ‎05-24-2022 04:32 AM

Fortigate SSLVPN TEAM

Hi, everyone

I have the following problem.
FortiVM02 customer arrives in a full tunnel with SSLVPN.
If the customer has video conferences via Teams, this does not work. Team breaks down.
In the office without SSLVPN it is not a problem.
I have SIP ALG disabled.
Have any of you experienced this yourself or know where the dog is buried?

Greeting

Christian

Labels:
3188
0 Kudos
12 REPLIES 12
jintrah_FTNT
Staff
Staff

Created on ‎05-24-2022 10:38 PM

Hi,

 

Did you mean that all traffic from client would reach FortiGate (ie, no split tunneling used)? If so, is there a policy from ssl interface to wan interface? And if it did, does it have any security profiles?

 

Best regards,

Jin

2526
0 Kudos
Christian_89
Contributor III
In response to jintrah_FTNT

Created on ‎05-25-2022 05:37 AM

Hello Jin I set up a full tunnel. I have no sec on the rule of SSLVPN-> WAN. profile active.

2517
0 Kudos
vsahu
Staff
Staff

Created on ‎05-25-2022 06:20 AM Edited on ‎05-25-2022 07:38 AM

Hello,

Are you using SDWAN if you can you create a rule with a Single interface only for the SSL VPN users and check

 

Regards,

Regards,
Vishal
2513
0 Kudos
Christian_89
Contributor III
In response to vsahu

Created on ‎05-25-2022 07:05 AM

Hello Vsahu 
I don't use SDWAN.

2510
0 Kudos
vsahu
Staff
Staff

Created on ‎05-25-2022 07:44 AM

Hello,

 

Can you create a new policy on the top of the existing one for the SSL VPN Teams Access, Use Internet service as a Destination and add the Microsoft-Skype_Teams. Disable all the UTM and check the behavior.
Teams.PNG

Regards,
Vishal
2503
Christian_89
Contributor III

Created on ‎05-26-2022 12:51 AM

 Hi Vsahu

I configured the rule to any.
Isn't that the same as configuring the Internet Service?

I have now created a rule with the Internet Service.

Greeting

Christian

2488
0 Kudos
vsahu
Staff
Staff

Created on ‎05-26-2022 04:40 AM

Hello Christian,

 

If you had the policy with All as the destination it should not cause any issues with the respected traffic, but it's sometimes better to segregate the Services which are having the issue and check the behavior that's why I suggested the same.

Regards,
Vishal
2479
0 Kudos
alif
Staff
Staff

Created on ‎05-26-2022 08:31 AM

Hi Christian,

 

If your company allows, you can also enable split tunneling. In this way, only the LAN traffic will traverse via SSL VPN while the Internet traffic will go via local Internet of the connected user.

 

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/307303/ssl-vpn-split-tunnel-for-remote-u...

Regards,
SFA
2468
0 Kudos
seshuganesh
Staff
Staff

Created on ‎05-26-2022 08:57 AM

Hi Team,

 

SIP alg is not related to microsoft teams.

If you experience teams call issue with ssl vpn, that could be because of bandwidth issue.

Can you create interface widget for wan interface

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/496187/fortiview-application-bandwid...

You can use this article and check for interface bandwidth widget.

Also, can you check if there is any DOS policy configured for the firewall?

2465
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.