Hello,
I created an SSL VPN for a specific user with tunnel access enabled. The client can access internal resources using FortiClient, but the user is not able to reach the internet.
I already created a security policy allowing the VPN client to access the internet. The rule is being hit, but the client is still not able to connect to the internet. Does anyone know why?
Can we check that the DNS is working fine? Is the client able to ping the internet (8.8.8.8 or 4.2.2.2)? Can they do an nslookup from the machine when the VPN is connected and see if the resolution works?
This is not a DNS issue because I am not able to ping using an IP address such as 8.8.8.8. Is special routing or NAT configuration needed?
The traffic was accepted by the firewall rule, but it is still not able to reach the internet.
As per the logs, there is no return traffic. Do you have source NAT enabled on the firewall policy?
The NAT is already configured in Central SNAT and there is no menu for NAT on the firewall policy rule.
Do you have a central NAT rule for the SSL VPN interface to the Internet? Can you check the session table entry for any of these non-working sessions and see if the packets are getting NATed?
Created on 06-11-2024 10:25 PM Edited on 06-11-2024 10:29 PM
I don't have a central NAT rule for the SSL VPN interface, only the central NAT which I posted in my previous post.
Here is my Forti session table; it seems the traffic is not NATed, right?
It works now after adding a NAT policy from the VPN interface.
That is great :)
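
The session-table check suggested in the thread, as an added example that is not part of any post: it reads the `hook=` lines of a session dump and reports which flows from the VPN address pool leave without source NAT. The sample dump is constructed; its line layout, the pool `10.212.134.0/24` and the WAN address `203.0.113.10` are assumptions, not values from this thread.

```python
import ipaddress
import re

# Constructed sample modelled on the "hook=" lines of a FortiGate session dump.
# All addresses are placeholders: 10.212.134.0/24 stands in for the SSL VPN
# pool and 203.0.113.10 for the WAN address.
SAMPLE = """\
session info: proto=1 proto_state=00 duration=4 expire=55 timeout=0
hook=pre dir=org act=noop 10.212.134.200:1->8.8.8.8:8(0.0.0.0:0)
hook=post dir=reply act=noop 8.8.8.8:1->10.212.134.200:0(0.0.0.0:0)
session info: proto=17 proto_state=01 duration=2 expire=178 timeout=0
hook=post dir=org act=snat 10.212.134.201:51514->8.8.8.8:53(203.0.113.10:51514)
hook=pre dir=reply act=dnat 8.8.8.8:53->203.0.113.10:51514(10.212.134.201:51514)
"""

# Only the originating direction shows whether the source was translated.
HOOK = re.compile(
    r"hook=\S+ dir=org act=(?P<act>\w+) "
    r"(?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+\((?P<xlat>[\d.]+):\d+\)"
)


def audit_snat(session_dump, vpn_pool):
    """Return (src, dst, translated_ip_or_None) for each flow sourced in vpn_pool."""
    pool = ipaddress.ip_network(vpn_pool)
    results = []
    for line in session_dump.splitlines():
        m = HOOK.search(line)
        if not m or ipaddress.ip_address(m["src"]) not in pool:
            continue
        nated = m["act"] == "snat" and m["xlat"] != "0.0.0.0"
        results.append((m["src"], m["dst"], m["xlat"] if nated else None))
    return results


def missing_snat(session_dump, vpn_pool):
    """Flows that would leave with the private VPN address as their source."""
    return [(s, d) for s, d, x in audit_snat(session_dump, vpn_pool) if x is None]


if __name__ == "__main__":
    for src, dst, xlat in audit_snat(SAMPLE, "10.212.134.0/24"):
        print(f"{src} -> {dst}: " + (f"SNAT to {xlat}" if xlat else "NOT translated"))
```

A flow reported as not translated matches the symptom in the thread: the policy accepts the traffic, but replies never return because the packet leaves with a private source address.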