I've been trying at this for a while and can't wrap my head around the problem.
I'm trying to go from SSL VPN to vlan100.
FortiGate sees vlan100 in the routing table.
It has a firewall policy allowing it.
Yet the policy match tool and debug show it going to the implicit deny policy.
What else am I missing?
The policy demands an authenticated user - are they listed in the table of authed users?
> diag firewall auth list
=> find the username, check if it has the right IP
debug output
Thanks! That led me down the right path.
I ran that command and saw the right user listed, but it said it was in a user group. The GUI didn't show that user in any group. I matched the group mentioned in the CLI to the user in the GUI and it worked. Kinda odd.