Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Created on ‎08-14-2010 08:09 PM

Not getting an IP address using SSL VPN!

Fortigate-60 3.00-b-576(MR5 Patch7) Any user that connects is not getting an IP address in return and therefore can' d do anything on the network. See attached.
4047
0 Kudos
16 REPLIES 16
Not applicable

Created on ‎08-17-2010 09:44 PM

Thanks Bob, so now I can ping certain internal addresses and RDP to them but I don' t get an IP address, can' t map drives etc.
699
0 Kudos
rwpatterson
Valued Contributor III
In response to

Created on ‎08-18-2010 06:32 AM

What does your policy(s) look like? What services?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
699
0 Kudos
Not applicable

Created on ‎08-19-2010 10:28 PM

What specifically are you looking for? Here is a screen shot of the policy I think you mean:
699
0 Kudos
rwpatterson
Valued Contributor III
In response to

Created on ‎08-22-2010 08:54 PM

Try using 2 policies.
  • One from wan1 to ssl.root, type SSL-VPN, any-> any, all services.
  • One from ssl.root to [internal servers|VIP|subnet], type accept, SSL-VPN IP range -> inside device range, services.

    • Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
    699
    0 Kudos
    ede_pfau
    SuperUser
    SuperUser

    Created on ‎08-23-2010 05:15 AM

    @rwpatterson:
    # One from wan1 to ssl.root, type SSL-VPN, any-> any, all services.
    you mean wan1->internal, right?
    Ede Kernel panic: Aiee, killing interrupt handler!
    Ede Kernel panic: Aiee, killing interrupt handler!
    699
    0 Kudos
    rwpatterson
    Valued Contributor III
    In response to ede_pfau

    Created on ‎08-23-2010 08:03 AM

    Nope. In tunnel mode I use the two tiered wanx -> ssl.root then ssl.root -> internal approach. With the web mode wanx -> internal works fine. May be overkill, but I stick with what works for me.

    Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
    699
    0 Kudos
    ede_pfau
    SuperUser
    SuperUser

    Created on ‎08-23-2010 09:10 AM

    a-ha, thanks. I' ve got to think about this.
    Ede Kernel panic: Aiee, killing interrupt handler!
    Ede Kernel panic: Aiee, killing interrupt handler!
    699
    0 Kudos
    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2024 Fortinet, Inc. All Rights Reserved.