- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Netbios through SSL-VPN
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 10-05-2006 03:39 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Netbios through SSL-VPN
Hi all,
I can' t succeed in making network browsing work through SSL-VPN.
All I' m able to do is connect to shared resources with IP addresses.
If I try to connect to a resource \\server\shared_folder, the host
answers it cannot find the path to this resource.
Just as if the host couldn' t find the master browser in the lan.
Same thing if I try to browse the network.
I put a WINS server and an internal DNS server in the SSL-VPN advanced
configuration but without any success.
A few details :
The remote user is logged locally.
FortiOS is V3MR2
the domain reached is a Windows 2000 Active Directory
Policy is any/any/ssl-vpn
In web-mode, the bookmarks created are only working if the destination server is written with its IP address (ie: //192.168.0.1/shared/).
Bookmarks with server names (like //server/shared/) don' t work.
Same thing with tunnel-mode.
The only way I found to make this work (in tunnel-mode) is add the server' s
name in the client' s hosts file.
Does someone have the clue ? and is there a clue ?
Thanks for any answer,
Best regards,
Vincent MAZARD
DML France
www.dml.fr
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This appears to be a DNS issue. I had the same issue. I had to force all traffic via SSL VPNs through the tunnel, to force the use of our DNS servers. (Turned off split tunneling). The tricky part is creating a rule from port 2 to port 2 ( Internet to Internet) so that the tunnel traffic can see the Internet. I then gave this strange rule limited Internet capbility, and told my users, when they' re connected, don' t browse! Get over it. They should be in the network to do work anyway. Disconnect, browse, then reconnect. It takes 5 seconds to get the tunnel back up.
-Bob
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your answer.
Unfortunately this doesn' t solve my problem :
split-tunnelling is off
the remote clients do use the internal DNS servers.
And this isn' t sufficient for the clients to discover the network.
even a " net view \\some_internal_machine" doesn' t work.
Thanks anyway
I tried to add " netbios-forward enable" and " wins-ip n.n.n.n" without success (on both internal and external interfaces)
Vincent
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also, have you added the ' WINFRAME' protocol to the appropriate service group? This is Fortigate' s version of Samba.
Actually, now that I recall, I had to jump through hoops to get that to work. Let me dig through my config, and get you an answer.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here' s how I got it to work:
1) Create the user.
2) Create the user group, and in ' SSL-VPN User Group Options' , check ' Enable SSL-VPN Tunnel Service' , and make an IP range in ' Restrict tunnel IP range for this group' .
3) Create a ' Firewall -> Address Range' that corresponds with this user group.
4) Create a policy (source ' User Group' , destination ' Server Group' , Action ' SSL VPN' ) that will give this group the ' WINFRAME' protocol, among others.
Notes here:
NAT must be OFF in the policy, for this to work.
This forces any SSL VPN traffic using this user group to have an IP in a particular IP range. In turn the policy will take any IPs' s in the same range, and give them the approriate access.
I forgot this part as well:
In VPN -> SSL -> SSL VPN, open ' Advanced (DNS and WINS Servers)' and add your DNS servers. One thing I had to do manually is tell the users to open the FortiSSL client when connected, and input the DNS domain. That is one thing I have yet to find any product capable of doing automatically.
Hope this works for you. It does for me, though a bit cumbersome.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Will this also work with IPsec VPN? I' m having the same issue....
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Winframe ins the Citrix Metaframe protocol (tcp 1494).
Nothing to do with Netbios communications...
Vincent
Not applicable
Created on 10-06-2006 12:47 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the answer for the tunnel mode :
The fortissl DUN connection doesn' t include the " Windows network client"
and " file and print sharing" components.
I wonder why these modules are not checked by default ???? (a bug ?).
Just check them both in the fortissl configuration and reconnect
to be able to browse the internal network.
For web-mode, the bookmarks with server names instead of IP addresses still doesn' t work....
Investigating further.
VM
Not applicable
Created on 10-06-2006 12:48 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found the answer for the tunnel mode :
The fortissl DUN connection doesn' t include the " Windows network client"
and " file and print sharing" components.
I wonder why these modules are not checked by default ???? (a bug ?).
Just check them both in the fortissl configuration and reconnect
to be able to browse the internal network.
For web-mode, the bookmarks with server names instead of IP addresses still doesn' t work....
Investigating further.
VM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I stand corrected. I crossed two different service groups when I was transferring info. WINFRAME is not needed here. (and it is Citrix, not SAMBA)
We only use tunnel mode here, not web mode. My users take the respective clients home and install them there. (Not with licensed software though). They connect directly to the servers over the SSL VPN.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- SSL VPN STUCK AT 98% 184 Views
- FortiClient VPN stops at 48% with... 682 Views
- We are facing issue with SSLVPN... 252 Views
- FortiClient always loses the connection a... 428 Views
- Cannot connect to network: Create VPN... 487 Views
Labels
-
FortiGate
7,229 -
FortiClient
1,427 -
5.2
801 -
5.4
639 -
FortiManager
626 -
FortiAnalyzer
465 -
6.0
416 -
FortiAP
378 -
FortiSwitch
376 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
282 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
178 -
FortiNAC
130 -
6.4
128 -
FortiGuard
117 -
IPsec
111 -
SSL-VPN
110 -
FortiGateCloud
97 -
FortiSIEM
95 -
FortiCloud Products
90 -
FortiToken
77 -
Customer Service
71 -
Wireless Controller
66 -
4.0MR3
64 -
SD-WAN
51 -
FortiProxy
49 -
FortiEDR
46 -
FortiADC
45 -
Fortivoice
44 -
FortiDNS
40 -
FortiGate v5.4
36 -
FortiSandbox
36 -
FortiExtender
35 -
FortiAuthenticator
35 -
Firewall policy
35 -
VLAN
32 -
FortiSwitch v6.4
32 -
High Availability
32 -
DNS
25 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
FortiConverter
23 -
LDAP
22 -
Certificate
21 -
BGP
21 -
SAML
20 -
FortiGate v5.2
20 -
Interface
20 -
FortiPortal
18 -
Routing
18 -
FortiSwitch v6.2
17 -
Authentication
17 -
VDOM
17 -
FortiLink
16 -
FortiMonitor
15 -
RADIUS
15 -
NAT
15 -
FortiGate v5.0
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
SSL SSH inspection
13 -
Virtual IP
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
11 -
Application control
11 -
SSO
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
IP address management - IPAM
9 -
FortiManager v5.0
9 -
OSPF
9 -
4.0MR2
9 -
WAN optimization
9 -
RMA Information and Announcements
8 -
FortiSOAR
8 -
Proxy policy
8 -
FortiAnalyzer v5.0
8 -
FortiBridge
8 -
SNMP
8 -
FortiGate v4.0 MR3
8 -
Web application firewall profile
7 -
Security profile
7 -
FortiAP profile
7 -
Automation
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Traffic shaping policy
6 -
trunk
6 -
IPS signature
5 -
Packet capture
5 -
Port policy
5 -
Antivirus profile
5 -
System settings
5 -
DNS Filter
5 -
FortiCache
5 -
FortiTester
5 -
FortiManager v4.0
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Traffic shaping profile
4 -
FortiPAM
4 -
Fortinet Engage Partner Program
4 -
FortiCarrier
4 -
3.6
4 -
FortiScan
4 -
DLP sensor
4 -
DoS policy
4 -
Email filter profile
3 -
Fabric connector
3 -
NAC policy
3 -
Users
3 -
Multicast routing
3 -
FortiToken Cloud
3 -
Application signature
3 -
DLP Dictionary
3 -
FortiDB
3 -
DLP profile
3 -
FortiInsight
2 -
Netflow
2 -
Protocol option
2 -
Zone
2 -
FortiNDR
2 -
FortiAI
2 -
FortiHypervisor
2 -
Schedule
2 -
Authentication rule and scheme
2 -
Explicit proxy
2 -
Internet Service Database
2 -
VoIP profile
2 -
4.0MR1
1 -
File filter
1 -
RIP
1 -
Multicast policy
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
TACACS
1 -
Replacement messages
1 -
FortiManager-VM
1 -
SDN connector
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1089 | |
| 892 | |
| 535 | |
| 441 | |
| 152 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.