HS08
New Contributor II

Remote Access VPN Full Tunnel

Hello,

I created an SSL VPN for a specific user with tunnel-access enabled. The client can access the internal resources using FortiClient, but the user is not able to reach the internet.

I already created a security policy allowing the VPN client to access the internet. The rule was being hit, but the client is still not able to connect to the internet. Does anyone know why?

srajeswaran
Staff

Can we check that DNS is working fine? Is the client able to ping the internet (8.8.8.8 or 4.2.2.2)? Can they do an nslookup from the machine when the VPN is connected and see if the resolution works?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
HS08
New Contributor II

This is not a DNS issue because I am not able to ping using an IP address such as 8.8.8.8. Is special routing or NAT configuration needed?

The traffic was accepted by the firewall rule, but it is still not able to reach the internet.

fw.png

srajeswaran

As per the logs, there is no return traffic. Do you have source NAT enabled on the firewall policy?

Regards,
Suraj
HS08
New Contributor II

NAT is already configured in Central SNAT, and there is no menu for NAT on the firewall policy rule.

fw2.png

srajeswaran

Do you have a central NAT rule for the SSL VPN interface to the Internet? Can you check the session table entry for any of these non-working sessions and see if the packets are getting NATed?

Regards,
Suraj
HS08
New Contributor II

I don't have a central NAT rule for the SSL VPN interface, only the central NAT which I posted in my previous post.

Here is my Forti session table. It seems the traffic is not NATed, right?

fw4.png

HS08
New Contributor II

It works now after adding a NAT policy from the VPN interface.
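
The session-table check discussed in this thread, as an added example (not code from any poster or from Fortinet): it reads text shaped like `diagnose sys session list` output and reports VPN-pool sessions to public addresses that have no source-NAT action. The sample dump, its line layout, all addresses, the pool `10.212.134.0/24` and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample shaped like `diagnose sys session list` output (layout
# assumed, trimmed to the lines this check reads). All addresses are made up.
SAMPLE = """\
session info: proto=1 proto_state=00 duration=4 expire=55 timeout=0
hook=pre dir=org act=noop 10.212.134.200:1->8.8.8.8:8(0.0.0.0:0)
hook=post dir=reply act=noop 8.8.8.8:1->10.212.134.200:0(0.0.0.0:0)
session info: proto=6 proto_state=01 duration=12 expire=3590 timeout=3600
hook=post dir=org act=snat 10.212.134.200:51514->93.184.216.34:443(203.0.113.10:51514)
hook=pre dir=reply act=dnat 93.184.216.34:443->203.0.113.10:51514(10.212.134.200:51514)
session info: proto=6 proto_state=01 duration=30 expire=3570 timeout=3600
hook=pre dir=org act=noop 10.212.134.200:51600->192.168.1.10:445(0.0.0.0:0)
hook=post dir=reply act=noop 192.168.1.10:445->10.212.134.200:51600(0.0.0.0:0)
"""

# One hook line: direction, action, original src->dst and the translated address.
HOOK = re.compile(
    r"hook=\w+ dir=(?P<dir>\w+) act=(?P<act>\w+) "
    r"(?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+\((?P<xlat>[\d.]+):\d+\)"
)

def parse_sessions(text):
    """Return one dict per session: original src/dst and the SNAT address, if any."""
    sessions = []
    for block in text.split("session info:"):
        org = [m for m in HOOK.finditer(block) if m["dir"] == "org"]
        if not org:
            continue  # leading text or a session with no hook lines
        snat = next((m["xlat"] for m in org if m["act"] == "snat"), None)
        sessions.append({"src": org[0]["src"], "dst": org[0]["dst"], "snat_ip": snat})
    return sessions

def missing_snat(text, vpn_pool):
    """Sessions from the VPN pool to a public address that leave un-NATed."""
    pool = ipaddress.ip_network(vpn_pool)
    return [
        s for s in parse_sessions(text)
        if ipaddress.ip_address(s["src"]) in pool
        and not ipaddress.ip_address(s["dst"]).is_private  # internal traffic needs no SNAT
        and s["snat_ip"] is None
    ]

if __name__ == "__main__":
    for s in missing_snat(SAMPLE, "10.212.134.0/24"):
        print(f"no SNAT: {s['src']} -> {s['dst']}")
```

A session flagged here matches the symptom in the thread: the policy accepts the traffic, but replies cannot return because the private tunnel address was never translated.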

srajeswaran

That is great :)

Regards,
Suraj