Owen_Keefer
New Contributor

SSL-VPN Mapping Network Drive

Greetings; SSL mode is full-access, Fgt-50B 4.0. I can map a network drive at work using win-xp explorer without problem. How do I map a network drive over SSL? I have tried a wide variety of things without success. Thanks...

----------------------------------------- Fortiwifi-50B v4.2.11  &  Fortigate-60D v5.4 Admin since 10-2009 <end.>

darrencarr
New Contributor II

Hi Owen,

To do this you need to define your SSL VPN configuration correctly. There are lots of docs relating to this in the KB, and some recent posts regarding the preferred configuration.

I.e. you need to define an IP range for your SSL users, and you need a route with a destination of your 'SSL IP range', with a gateway of ssl.root (assuming you are using a single VDOM). You then need a policy that will allow from, let's say, WAN->ssl.root with an action set to SSLVPN, and a policy from ssl.root->Internal with an action set to accept and the appropriate service. If you want to allow mapping a drive then you may need to create a custom service (Firewall->Service) for what you are trying to achieve...

The key things are:
- the IP pool for your SSL clients
- your SSL user and user group (local, remote, etc.)
- SSL config (depends on your OS - may need to configure a portal)
- the route for your SSL clients to internal (or where you need to get to from the SSLVPN)
- policies for the traffic (need at least one with action set to SSLVPN)
- protection profiles configured (not a specific requirement but nice to have) for your traffic (incoming)
Fortigate 1000A v4.0,build194,100121 (MR1 Patch 4) Fortianalyzer 800B v4.0,build0130 (MR1 Patch 3)
darrencarr
New Contributor II

Also... what have you tried so far? Just to save time.
Fortigate 1000A v4.0,build194,100121 (MR1 Patch 4) Fortianalyzer 800B v4.0,build0130 (MR1 Patch 3)
Owen_Keefer
New Contributor

Greetings All; I am trying to connect to a NAS at work over SSL. As far as I know I have every XP service I need running for such a connection. All of my SSL stuff seems to be working. When I set up the network system for SMB through SSL, it works OK. I thought it would be nice though to have Windows Explorer mapped and working for drag and drop.

At work, for Map Network Drive from Windows Explorer, I enter for server & share \\192.168.100.99\station & connect to the NAS. I was wondering what I would put in to connect over SSL? When I try to connect to the share using Windows Explorer, it says Network Path could not be found. Any ideas would be appreciated. Thanks...

----------------------------------------- Fortiwifi-50B v4.2.11  &  Fortigate-60D v5.4 Admin since 10-2009 <end.>

darrencarr
New Contributor II

Hi Owen,

Just to confirm...
- You can connect from external (Internet) to your SSLVPN (authentication set up correctly)?
- You get an IP address from your SSLVPN pool and in your SSL monitor you can see your connection?
- You have either defined SMB access through the Web Portal... or have enabled tunnel mode for your SSLVPN?
- You have defined two policies... one for authentication, the other for your ssl.root->internal?

If all of the above has been configured correctly, then what do you have defined as the services that are allowed from your ssl.root->internal (or wherever your server is)?

What you could try doing is enabling the sniffer on your firewall (debug utility) to capture how the firewall is interpreting your connection attempt:

diag debug flow filter saddr x.x.x.x (where saddr is the IP address you have been allocated for your SSL connection)
diag debug flow filter daddr x.x.x.x (where daddr is the IP address of your server)
diag debug flow show console enable (will enable debugging to the console)
diag debug flow trace start 99 (will capture the first 99 packets)
diag debug flow show function-name enable
diag debug enable (enables debugging)

This will hopefully show up where your problem lies, either through a routing problem or a missing policy.
Fortigate 1000A v4.0,build194,100121 (MR1 Patch 4) Fortianalyzer 800B v4.0,build0130 (MR1 Patch 3)
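
An added example, not part of the thread and not Fortinet tooling: a Python script that groups saved `diag debug flow` console output by trace and reports whether each connection attempt points to a routing problem or a missing policy, the two causes named in the reply above. The sample lines and the 10.0.0.10 pool address are constructed, and the message strings are an assumption about the output format, which differs between FortiOS versions.

```python
import re
from collections import defaultdict

# Constructed sample of debug flow output (format assumed; varies by FortiOS version).
SAMPLE = '''\
id=36871 trace_id=1 msg="vd-root received a packet(proto=6, 10.0.0.10:1045->192.168.100.99:445) from ssl.root."
id=36871 trace_id=1 msg="find a route: gw-192.168.100.99 via internal"
id=36871 trace_id=1 msg="Denied by forward policy check"
id=36871 trace_id=2 msg="vd-root received a packet(proto=6, 10.0.0.10:1046->192.168.100.99:139) from ssl.root."
id=36871 trace_id=2 msg="find a route: gw-192.168.100.99 via internal"
id=36871 trace_id=2 msg="Allowed by Policy-3:"
id=36871 trace_id=3 msg="vd-root received a packet(proto=6, 10.0.0.10:1047->192.168.100.99:445) from ssl.root."
id=36871 trace_id=3 msg="reverse path check fail, drop"
'''

LINE = re.compile(r'trace_id=(\d+).*?msg="(.*)"')
PKT = re.compile(r'received a packet\(proto=\d+, ([\d.]+):(\d+)->([\d.]+):(\d+)\)'
                 r' from ([\w-]+(?:\.[\w-]+)*)')

def classify(text):
    """Return {trace_id: {flow, route, verdict}} for each traced packet."""
    traces = defaultdict(lambda: {"flow": None, "route": None,
                                  "verdict": "no verdict seen"})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip prompts and unrelated console lines
        t, msg = traces[int(m.group(1))], m.group(2)
        pkt = PKT.search(msg)
        if pkt:
            t["flow"] = "%s:%s -> %s:%s via %s" % pkt.groups()
        elif msg.startswith("find a route:"):
            t["route"] = msg.split(":", 1)[1].strip()
        elif "Denied by forward policy check" in msg:
            # Routed, but no ssl.root->internal policy permits this service.
            t["verdict"] = "missing policy"
        elif "reverse path check fail" in msg:
            # No route back to the SSL client range on the arrival interface.
            t["verdict"] = "routing problem"
        elif msg.startswith("Allowed by Policy-"):
            t["verdict"] = "allowed by policy " + msg[18:].rstrip(":")
    return dict(traces)

if __name__ == "__main__":
    for tid, t in sorted(classify(SAMPLE).items()):
        print(tid, t["flow"], "|", t["route"], "|", t["verdict"])
```
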