SSL vpn to vlan implicit deny

tyrsofrage · ‎10-30-2024

Ive been trying at this for awhile and cant wrap my head around the problem.

Im trying to go from ssl vpn to vlan100

Fortigate sees vlan100 in the routing table.

It has a firewall policy allowing it.

yet the policy match tool and debug shows it going to the implicit deny policy

What else am I missing?

pminarik · ‎10-31-2024

The policy demands an authenticated user - are they listed in the table of authed users?

> diag firewall auth list

=> find the username, check if it has the right IP

[ corrections always welcome ]

View solution in original post

tyrsofrage · ‎10-30-2024

debug output

pminarik · ‎10-31-2024

The policy demands an authenticated user - are they listed in the table of authed users?

> diag firewall auth list

=> find the username, check if it has the right IP

[ corrections always welcome ]

tyrsofrage · ‎10-31-2024

Thanks! That lead me down the right path.

I ran that command and saw the right user listed but it said it was in a user group. The GUI didn't show that user in any group. I matched the group mentioned in the cli to the user in the GUI and it worked. Kinda odd.

SSL vpn to vlan implicit deny

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website