Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
systemgeek1
New Contributor

No port is open after setting up a SSL VPN Client port under Settings

On my fortigate VM AWS Cloud I have setup a SSL VPN port under settings but when I check under Local Policy and when I try to telnet to the port there is nothing listening.  Is there more that needs to be setup?

4 REPLIES 4
AEK
SuperUser
SuperUser

Check if you selected the right interface in "Listen on Interface(s)" in the SSL VPN settings page.

AEK
AEK
jera
Staff
Staff

Hi @systemgeek1 ,

 

Make sure to configure firewall policy too. You can check this administration guide on how to properly setup SSLVPN:

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/307303/ssl-vpn-split-tunnel-....

 

In case you are still unable to access the VPN, please provide the error message you are getting.

 

- Run sniffer trace and debug flow:

 

diag sniffer packet any "port XXX" 4 0 l (replace X with port number)

 

Debug flow:

===========

 

#diagnose debug reset

#diag debug console timestamp enable

#diagnose debug flow filter clear

#diagnose debug flow filter dport X 

#diagnose debug flow show function-name enable

#diagnose debug flow filter saddr X.X.X.X ( source of traffic)

#diagnose debug flow filter daddr X.X.X.X (destination of traffic)

diag debug flow show iprope enable 

#diagnose debug flow trace start 500

#diagnose debug enable

 

 < RUN THE TEST>

 

To disable:

#diagnose debug flow trace stop

#diagnose debug disable.

JE
systemgeek
Contributor

Turns out the docs I was using never ever said to make the incoming interface ssl.root in the Firewall Policy.  Yours did.  Once I saw that I changed it and the port came right up.

 

Thank you, thank you, thank you.

jackysins952
New Contributor

Make sure that the SSL VPN service is properly enabled and configured in your FortiGate VM settings. Also, ensure that firewall rules are allowing traffic to reach the child recovery SSL VPN port. Double-check your settings and consult FortiGate documentation for any specific setup requirements.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors