Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TBC
Contributor

Created on ‎09-28-2022 01:49 AM

SSL-VPN Schedule problem

Hello @All,

 

we have ssl-vpn with schedule active, but the schedule is not working.

Our configuration for testing:

TBC_0-1664354809957.png

and the schedule:

 

    edit "tl-vpn-test"
        set start 06:00
        set end 08:00
        set day monday tuesday wednesday thursday friday
    next

 

 

For my understanding the login is possible from 06:00 to 08:00 (2 Hour) but the login is possible also at 10:00 o'clock.

What I'm doing wrong?

 

many thanks for helping

TBC

Labels:
1820
0 Kudos
1 Solution
sjoshi
Staff
Staff

Created on ‎09-28-2022 04:13 AM

Dear

 

Thank you for posting to the Fortinet Community Forum.

 

Problem Description:-
SSL-VPN Schedule problem

 

As per the issue description, you are able to connect to SSL VPN even in different time interval as configured in schedule in policy.


Is there any other firewall policy for ssl vpn user?

Can you share me the below logs:-
diag debug app sslvpn -1
diagnose debug application fnbamd -1
diag debug en

 

Also post connecting ssl vpn, please try to ping one of the internal server and run the below debug cmd
diagnose debug flow filter daddr
diag debug flow filter proto 1
diag debug en
diag debug flow show function-name en
diag debug flow trace start 999

This will help to show which policy it is matching

 

Let us know if this helps.

Thanks

Salon Raj Joshi

View solution in original post

1806
0 Kudos
2 REPLIES 2
sjoshi
Staff
Staff

Created on ‎09-28-2022 04:13 AM

Dear

 

Thank you for posting to the Fortinet Community Forum.

 

Problem Description:-
SSL-VPN Schedule problem

 

As per the issue description, you are able to connect to SSL VPN even in different time interval as configured in schedule in policy.


Is there any other firewall policy for ssl vpn user?

Can you share me the below logs:-
diag debug app sslvpn -1
diagnose debug application fnbamd -1
diag debug en

 

Also post connecting ssl vpn, please try to ping one of the internal server and run the below debug cmd
diagnose debug flow filter daddr
diag debug flow filter proto 1
diag debug en
diag debug flow show function-name en
diag debug flow trace start 999

This will help to show which policy it is matching

 

Let us know if this helps.

Thanks

Salon Raj Joshi
1807
0 Kudos
TBC
Contributor

Created on ‎09-28-2022 05:08 AM

Hello Salon,

many thanks for fast answer.

Problem is solved! The problem was a second vpn-policy without schedule!

Your hint has brought me to.

Many thanks for it

with best regards

TBC

1801
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.