Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
alaaelrayes
New Contributor III

Created on ‎06-11-2023 11:33 PM Edited on ‎06-11-2023 11:35 PM

IPsec IKEV2

Hi Team,

 

I've configured IPsec IKEV2 VPN with all required configs.

My problem is I can connect without internet because the traffic to the DNS pass through a deny policy as I'm using full tunnel.
I created another test policy on the top of policies but no internet and once I remove the group from that policy I can connect to internet.

Note that the group in that policy is added also in authgrps in the tunnel configs and I'm using FAC in my structure.

 

This screenshot after removing the group and the internet is allowed.

 

policy.JPG

Thanks.

FortiGate  

Labels:
998
0 Kudos
3 REPLIES 3
knagaraju
Staff
Staff

Created on ‎06-12-2023 04:17 AM

alaaelrayes,

Seems like the issue is with group matching on FAC. In order to isolate that, Please configure a test local user and check if it works.

Regards
Nagaraju.



976
0 Kudos
alaaelrayes
New Contributor III
In response to knagaraju

Created on ‎06-12-2023 04:51 AM

local account on FAC or FG ?

I created a local account and a group on FG and I updated that in tunnel authgrp but the same issue.

If I change back the tunnel to IKEV1, it works fine and this issue only with IKVE2.

968
0 Kudos
alaaelrayes
New Contributor III

Created on ‎06-13-2023 12:10 AM

Issue solved by adding the groups from FSSO.

 

Thanks all

954
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.