Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tyrsofrage
Visitor

SSL vpn to vlan implicit deny

Ive been trying at this for awhile and cant wrap my head around the problem. 

 

Im trying to go from ssl vpn to vlan100 (ADMINS).

Fortigate sees vlan100 in the routing table.

Screenshot 2024-10-31 004817.png

It has a firewall policy allowing it. 

Screenshot 2024-10-31 004305.png

 

yet the policy match tool and debug shows it going to the implicit deny policy

Screenshot 2024-10-31 004842.png

 

What else am I missing?

2 REPLIES 2
tyrsofrage
Visitor

Screenshot 2024-10-31 004352.png

debug output

pminarik
Staff
Staff

The policy demands an authenticated user - are they listed in the table of authed users?

 

> diag firewall auth list

=> find the username, check if it has the right IP

[ corrections always welcome ]
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors