Remote Access VPN Full Tunnel
Hello,
I created an SSL VPN for a specific user with tunnel access enabled. The client can access the internal resources using FortiClient, but the user is not able to reach the internet.
I already created a security policy allowing the VPN client to access the internet. The rule was being hit, but the client is still not able to connect to the internet. Does anyone know why?
Can we check that DNS is working fine? Is the client able to ping the internet (8.8.8.8 or 4.2.2.2)? Can they do an nslookup from the machine when the VPN is connected and see if the resolution works?
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
This is not a DNS issue, because I am not able to ping using an IP address such as 8.8.8.8. Is special routing or NAT configuration needed?
The traffic was accepted by the firewall rule, but is still not able to reach the internet.
As per the logs, there is no return traffic. Do you have source NAT enabled on the firewall policy?
Suraj
NAT is already configured under Central SNAT, and there is no menu for NAT on the firewall policy rule.
Do you have a central NAT rule for the SSL VPN interface to the Internet? Can you check the session table entry for any of these non-working sessions and see if the packets are getting NATed?
Suraj
Created on 06-11-2024 10:25 PM Edited on 06-11-2024 10:29 PM
I don't have a central NAT rule for the SSL VPN interface, only the central NAT which I posted in my previous post.
Here is my Forti session table; it seems the traffic is not NATed, right?
It works now after adding a NAT policy from the VPN interface.
That is great :)
Suraj
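The session-table check discussed in this thread, as an added example that is not part of any poster's message: a small parser that flags sessions from the SSL VPN pool to public addresses whose original-direction hooks show no `act=snat`. The sample text is constructed in the layout of `diagnose sys session list` output; the pool `10.212.134.0/24`, all addresses, and the function name `missing_snat` are assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout of `diagnose sys session list` output
# (addresses, pool and the reduced field set are assumptions for illustration).
SAMPLE = """\
session info: proto=1 proto_state=00 duration=4 expire=56 timeout=0
hook=pre dir=org act=noop 10.212.134.200:1->8.8.8.8:8(0.0.0.0:0)
hook=post dir=reply act=noop 8.8.8.8:1->10.212.134.200:0(0.0.0.0:0)

session info: proto=6 proto_state=01 duration=9 expire=3590 timeout=3600
hook=post dir=org act=snat 10.212.134.201:51514->93.184.216.34:443(203.0.113.10:51514)
hook=pre dir=reply act=dnat 93.184.216.34:443->203.0.113.10:51514(10.212.134.201:51514)

session info: proto=6 proto_state=01 duration=2 expire=3598 timeout=3600
hook=pre dir=org act=noop 10.212.134.200:50022->192.168.10.5:445(0.0.0.0:0)
hook=post dir=reply act=noop 192.168.10.5:445->10.212.134.200:50022(0.0.0.0:0)
"""

# Original-direction hook line: action, source, destination, translated address.
HOOK = re.compile(
    r"hook=\w+ dir=org act=(\w+) ([\d.]+):\d+->([\d.]+):\d+\(([\d.]+):\d+\)"
)

def missing_snat(text, vpn_pool):
    """Return (src, dst) for sessions from vpn_pool to a public address
    whose original-direction hooks show no source NAT."""
    pool = ipaddress.ip_network(vpn_pool)
    findings = []
    for block in text.split("session info:")[1:]:
        hooks = HOOK.findall(block)
        if not hooks:
            continue
        _, src, dst, _ = hooks[0]
        if ipaddress.ip_address(src) not in pool:
            continue  # not an SSL VPN client session
        if not ipaddress.ip_address(dst).is_global:
            continue  # internal destinations are reachable without SNAT
        if not any(act == "snat" for act, *_ in hooks):
            findings.append((src, dst))
    return findings

if __name__ == "__main__":
    for src, dst in missing_snat(SAMPLE, "10.212.134.0/24"):
        print(f"{src} -> {dst}: left the firewall untranslated, no return path")
```

A flagged session matches the symptom in the thread: the policy accepts the traffic, but the private source address goes out unchanged, so replies never come back.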