IPsec VPN connection on v7.4.0 not working entirely
After upgrading from V6.0.9 I created a new IPsec VPN, most of it works except one small detail.
When the VPN is active, through FortiClient VPN, the connection to all internal resources works, browsing on the internet works, except when I want to connect to anything that has to be accessed through the firewall.
With the VPN active I can't connect to FortiGate admin portal. Anything that resolves to the WAN IP Address is getting dropped by the firewall, it is visible in the logs. There is a DNS server behind the firewall, but still the FortiGate admin Portal resolves to the WAN IP address and the connection is getting dropped by the firewall.
It jumps over the rule I created and applies the Implicit Deny rule created by default.
VPN rule is as follows:
To: InternalResources, WAN
Security Profiles: SSL no-inspection
I read the documentation for the IPsec VPN on 7.4.0, followed the steps and recreated the VPN step by step like in the documentation but still same issue. The VPN was created with the template type Remote Access & Pre-shared Key.
I checked on the forum but I have not found anything similar that could explain what might be wrong with the setup.
I believe you are trying to access FortiGate GUI using the public IP address via IPSEC VPN. The better option would be to route this MGMT traffic via an Internet link rather than using IPSEC VPN and access directly without VPN.
If you want to access the GUI via IPSEC VPN, you can try to configure the loopback IP on the remote FGT and access the FGT via the same IP.
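A sketch of the loopback approach suggested in the reply above, added here as an example and not taken from the thread or from Fortinet documentation. The interface name `mgmt-lo0`, the address `10.255.255.1`, the tunnel interface name `RemoteAccess` and the address object `RemoteAccess_range` are placeholders for your own values; the `#` lines are annotations and should be dropped before pasting into the CLI.

```fortios
# Loopback interface that hosts the admin GUI/SSH for VPN users (placeholder name and IP).
config system interface
    edit "mgmt-lo0"
        set vdom "root"
        set type loopback
        set ip 10.255.255.1 255.255.255.255
        # Expose only the management protocols that are actually needed.
        set allowaccess ping https ssh
    next
end

# Address object for the loopback so the policy can reference it.
config firewall address
    edit "mgmt-lo0-addr"
        set subnet 10.255.255.1 255.255.255.255
    next
end

# Traffic to a loopback is policy-controlled: without this rule it falls
# through to the implicit deny, like the WAN-IP traffic in the question.
config firewall policy
    edit 0
        set name "vpn-to-mgmt-lo0"
        # Placeholder: the IPsec tunnel interface created by the wizard.
        set srcintf "RemoteAccess"
        set dstintf "mgmt-lo0"
        # Placeholder: the address object covering the VPN client pool.
        set srcaddr "RemoteAccess_range"
        set dstaddr "mgmt-lo0-addr"
        set action accept
        set schedule "always"
        set service "HTTPS" "SSH"
        set logtraffic all
    next
end
```

VPN clients then browse to `https://10.255.255.1` instead of the WAN address. If the tunnel uses split tunneling, the loopback address also has to be part of the routed destinations pushed to the client.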