SSL-VPN error (6.4.8 to 7.0.10)
Hi,
The SSL-VPN connection on another device is blocked after updating the FortiGate 300E from 6.4.8 to 7.0.10.
The communication is HTTP communication due to the specifications of the device.
Are there any restrictions related to HTTP communication around here due to the update?
Labels: FortiGate
Hello,
Can you please elaborate on whether SSL-VPN traffic is passing through the FortiGate? Moreover, can you please elaborate on what you are referring to by HTTP communication?
@rkashinaka
As I understand it, after upgrading to 7.0.10, the SSL VPN connection is blocked?
Please correct me if I am mistaken: the SSL connection is already established, but the only issue you are facing is in accessing HTTP services?
If you are using client certificates, there is a change in the 7.x versions that should have been made automatically in the config file during the upgrade, in the user peer definition:
    config user peer
        edit "test"
            set subject "user.test.com"
        next
    end
It should be automatically changed to:
    config user peer
        edit "test"
            set subject "CN=user.test.com"
        next
    end
Can you check if this is your case?
If you have found a solution, please like and accept it to make it easily accessible for others.
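A check for the subject change described in the reply above, as an added example that is not part of the original thread or any Fortinet tooling: it scans a saved configuration backup for `config user peer` entries whose `subject` has no `CN=`-style prefix. The sample configuration and the function name `unmigrated_peers` are constructed for illustration, and the rule applied is the one the reply states.

```python
import re

# Constructed sample of a configuration backup (not taken from the poster's device).
SAMPLE_CONFIG = '''\
config user peer
    edit "test"
        set subject "user.test.com"
    next
    edit "migrated"
        set subject "CN=user2.test.com"
    next
end
config user group
    edit "vpn-users"
        set member "test"
    next
end
'''

# A migrated subject starts with an attribute type followed by '=' (CN=, O=, OU= ...).
RDN_PREFIX = re.compile(r'^[A-Za-z][A-Za-z0-9.]*\s*=')

def unmigrated_peers(config_text):
    """Return [(peer_name, subject)] for user peers whose subject lacks an RDN prefix."""
    findings, depth, in_peers, peer = [], 0, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith('config '):
            if depth == 0:
                in_peers = line == 'config user peer'
            depth += 1
        elif line == 'end':
            depth -= 1
            in_peers = in_peers and depth > 0
        elif in_peers and depth == 1:
            edit = re.match(r'edit "?([^"]+)"?$', line)
            subj = re.match(r'set subject "(.*)"$', line)
            if edit:
                peer = edit.group(1)
            elif subj and peer and not RDN_PREFIX.match(subj.group(1)):
                findings.append((peer, subj.group(1)))
    return findings

if __name__ == '__main__':
    for name, subject in unmigrated_peers(SAMPLE_CONFIG):
        print(f'peer {name!r}: subject {subject!r} has no CN= prefix')
```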
Hello rkashinaka,
Can you take the debug on the FortiGate and test the connection? It will give us clarity on where it is failing.
diagnose debug disable
diagnose debug reset
diagnose debug console timestamp enable
diagnose debug application sslvpn -1
diagnose debug application fnbamd -1
diagnose vpn ssl debug-filter src-addr4 x.x.x.x <--- in place of x.x.x.x use Public IP address of the client's PC
diagnose debug enable
Vishal
Thanks Dear
I have additional info.
HTTP communication from the destination website seems to be blocked.
Therefore, I was able to connect after allowing communication from the website (srcaddr) and communication to the SSL-VPN device (dstaddr).
I think a specific setting is blocking.
Considering that I was able to connect before the version upgrade (6.4.8), I think that a specific setting is the cause of the block.