Hi,
An SSL-VPN connection on another device has been blocked after updating a FortiGate 300E from 6.4.8 to 7.0.10.
The communication is HTTP communication due to the specifications of the device.
Are there any restrictions related to HTTP communication around here due to the update?
Hello,
Can you please elaborate on whether SSL-VPN traffic is passing through the FortiGate? Moreover, can you please elaborate on what you are referring to by HTTP communication?
@rkashinaka
As I understand it, after upgrading to 7.0.10 the SSL VPN connection is blocked?
Please correct me if I am mistaken: the SSL connection is already established, but the only issue you are facing is in accessing HTTP services?
If you are using client certificates, there is a change in the 7.x versions that should have been made automatically in the config file during the upgrade, in the user peer definition:
config user peer
    edit "test"
        set subject "user.test.com"
    next
end
It should be automatically changed to:
config user peer
    edit "test"
        set subject "CN=user.test.com"
    next
end
Can you check if this is your case?
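One way to run the check suggested in the post above against a saved configuration backup, as an added example that is not part of the original thread or Fortinet's own tooling. The sample config is constructed, and treating any subject without an `ATTR=` prefix as unconverted is an assumption of this sketch.

```python
import re

# Constructed sample of a FortiGate config backup (not from a real device).
SAMPLE_CONFIG = '''\
config user peer
    edit "test"
        set ca "CA_Cert_1"
        set subject "user.test.com"
    next
    edit "converted"
        set ca "CA_Cert_1"
        set subject "CN=user2.test.com"
    next
    edit "no-subject"
        set ca "CA_Cert_1"
    next
end
config user group
    edit "vpn-users"
        set member "test"
    next
end
'''

# Heuristic (assumption): a converted subject starts with an RDN attribute such as "CN=".
RDN_PREFIX = re.compile(r'^[A-Za-z][A-Za-z0-9.]*\s*=')

def find_unconverted_peers(config_text):
    """Return [(peer_name, subject)] for user peers whose subject lacks an ATTR= prefix."""
    findings = []
    in_block = False   # True only while inside "config user peer" ... "end"
    peer = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == 'config user peer':
            in_block = True
        elif in_block and line == 'end':
            in_block = False
        elif in_block and (m := re.match(r'edit\s+"?([^"]+)"?$', line)):
            peer = m.group(1)
        elif in_block and (m := re.match(r'set\s+subject\s+"?(.*?)"?$', line)):
            if not RDN_PREFIX.match(m.group(1)):
                findings.append((peer, m.group(1)))
    return findings

if __name__ == '__main__':
    for name, subject in find_unconverted_peers(SAMPLE_CONFIG):
        print(f'peer {name!r}: subject {subject!r} -> expected "CN={subject}"')
```

Peers with no `set subject` line are skipped, since there is nothing to convert for them.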
Hello rkashinaka,
Can you take the debug on the FortiGate and test the connection? It will give us clarity on where it is failing.
diagnose debug disable
diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application sslvpn -1
diagnose debug application fnbamd -1
diagnose vpn ssl debug-filter src-addr4 x.x.x.x <--- in place of x.x.x.x use Public IP address of the client's PC
diagnose debug enable
Thanks, dear.
I have additional info.
HTTP communication from the destination website seems to be blocked.
Therefore, I was able to connect after allowing communication from the website (srcaddr) and communication to the SSL-VPN device (dstaddr).
I think a specific setting is blocking it.
Considering that I was able to connect before the version upgrade (6.4.8), I think that a specific setting is the cause of the block.