Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Marklar
New Contributor

New SSL VPN Portal Not Working

Heyoo,

 

We have a stock "full-access" portal we use that enables split tunneling. We have a single user that has an application on her laptop that much appear to come from within our network in order to work. All I am trying to do is create another portal, just for her, that disables split tunneling.

 

Portal is created..no problem.

I create a new SSL VPN firewall policy specifying the user and info and authentication rule specifying the SSL portal to use and I am unable to save it without error about range not valid...

 

Is this the correct procedure to do this? I'm following the cookbook for 5.0.7 and I thought it was pretty staightforward but I guess not. All I want is a second portal for a single user that doesn't use split tunneling.

 

Thanks!

1 Solution
Toshi_Esumi
Esteemed Contributor III

Are you sure Local Interface is wan1? Generally that's LAN side. Take a look at the existing polity.

View solution in original post

5 REPLIES 5
Toshi_Esumi
Esteemed Contributor III

I don't remember exactly how 5.0 SSL VPN config looked like since they changed quite a bit w/ 5.2, which we're current running. Based on the error message you described, looks like it doesn't like another portal referred by another policy with different set of users is sharing the same IP pool with the original one. Try assigning a different pool without overlapping.

Marklar

Thanks - that still didn't work. I must be missing something but can't pinpoint it. I'm getting a new error when saving the config though - any other ideas?

Marklar

The error:

Toshi_Esumi
Esteemed Contributor III

Are you sure Local Interface is wan1? Generally that's LAN side. Take a look at the existing polity.

Marklar

Doh! That was it...what a bonehead I am sometimes. I had the incoming interface as ssl.root and local interface as Wan1 (gee..that makes perfect sense...NOT) but it should have been Wan1 for incoming and LAN as local.

 

Works now - thanks Toshi!

Labels
Top Kudoed Authors