SSL VPN to VLAN implicit deny
I've been trying at this for a while and can't wrap my head around the problem.
I'm trying to go from SSL VPN to vlan100.
FortiGate sees vlan100 in the routing table.
It has a firewall policy allowing it.
Yet the policy match tool and debug show it going to the implicit deny policy.
What else am I missing?
Labels: FortiGate
The policy demands an authenticated user - are they listed in the table of authed users?
> diag firewall auth list
=> find the username, check if it has the right IP
debug output
Thanks! That led me down the right path.
I ran that command and saw the right user listed, but it said it was in a user group. The GUI didn't show that user in any group. I matched the group mentioned in the CLI to the user in the GUI and it worked. Kinda odd.
