I am looking to configure SSL VPN tunnel for web browsing while traveling on firmware v4.0 MR3 Patch 18. I am able to connect with FortiClient (confirmed in client and SSL-VPN Monitor), but when trying to reach any address (e.g. www.google.com), nothing gets through.
I have configured the following: 1) User Group Allow SSL-VPN Access= full-access (this is just selects web portal, right?) with Member(s) added.
2) Static Route Destination IP/Mask= 10.212.134.0/255.255.255.0 (SSLVPN_TUNNEL_ADDR1) Device= ssl.root
3a) Policy ssl.root -> wan1 Source= sslvpn tunnel interface/SSLVPN_TUNNEL_ADDR1 Destination= wan1/all Action= ACCEPT No NAT
3b) Policy wan1 -> ssl.root Source= wan1/all Destination= sslvpn tunnel interface/SSLVPN_TUNNEL_ADDR1 Action= SSL-VPN User Group= ssl-tunnel
What am I missing? Thank you in advance!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Need a NAT for ssl.root->wan1.
Same results if I "Enable NAT" with "Use Destination Interface Address" (cannot select Use Dynamic IP Pool). No traffic gets through.
It's been a while since we were using 4.3.18 (3 years ago) and SSL VPN config has changed quite a bit with 5.0 then 5.2 so I don't remember well. But I would start debugging with traceroute from the client and sniffing at FG, then eventually flow debugging at FG why it drops if it's reaching the FG. I would guess it's a simple policy or routing issue.
One more important tool I would use is "app debug", or "diag debug app sslvpn -1".
Are you trying to use split tunneling where Internet traffic goes out the remote Internet path, or do you want the Internet traffic to pass through the tunnel and out the HQ FGT?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Not looking to split tunnel, just pass all internet traffic through tunnel and out HQ FGT.
Not looking to split tunnel, just pass all internet traffic through tunnel and out HQ FGT.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1631 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.