I have a strange problem with the SSL VPN not answering. I have set it up multiple times on other systems, but only ever with a single WAN IP. The problem here, I think, is that it listens on all WAN IPs (11 WAN IPs). Everything is standard apart from the port (444), but the service doesn't answer. It's a FG81 running 7.2.5.
- Please run the following debug flow commands and try again:
  di deb disable
  di deb reset
  diagnose debug flow filter clear
  di deb flow filter port 444
  diagnose debug flow show function-name enable
  di deb flow show iprope enable
  diagnose debug console timestamp enable
  diagnose debug flow trace start 500
  diagnose debug enable
- Run 'di deb disable' afterwards to turn the debug off.
- Please also make sure you have a firewall policy configured for ssl.root to your internal network.
@H3nrikP Can you run a packet sniffer on the WAN interface?
  diag sniffer packet wan1 "host x.x.x.x and port 444" 6 0 1
where x.x.x.x is the public IP of your client trying to connect with SSL VPN, to see the communication between the host and the FortiGate.
Another good test would be to try to access web mode on all the IPs listed under the WAN interface.
We see traffic on port 444, which means the ISP forwarded it to the FortiGate. Can you make sure there is no virtual IP configured on port 444? Please also make sure "source-address-negate" is not enabled. If it is enabled, the "source-address" must not be "all". You can run the following command to check:
  show full vpn ssl settings | grep source
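The two replies above both hinge on reading sniffer output: seeing client SYNs arrive on the WAN interface while the FortiGate never answers with a SYN-ACK on a given WAN IP is what separates "the ISP isn't forwarding port 444" from "the SSL VPN service isn't listening on that address / something else owns the port". The following is an added example, not code from the thread or from Fortinet: it parses header lines in the shape printed by `diagnose sniffer packet wan1 "..." 4` (timestamp, interface, direction, src.port -> dst.port: flags) and reports, per client connection and per WAN IP, whether a handshake happened or SYNs went unanswered. The sample output is constructed with documentation addresses; the `444` port, the `wan1` name and the line format are the assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of FortiGate `diagnose sniffer packet` verbosity-4
# header lines. Not captured from a real device; addresses are RFC 5737 documentation
# ranges. Two clients hit two different WAN IPs on the custom SSL VPN port 444.
SAMPLE_SNIFFER_OUTPUT = """\
2024-01-15 09:12:01.100001 wan1 in 203.0.113.5.51234 -> 198.51.100.10.444: syn 1000000001
2024-01-15 09:12:01.100200 wan1 out 198.51.100.10.444 -> 203.0.113.5.51234: syn 2000000001 ack 1000000002
2024-01-15 09:12:01.100900 wan1 in 203.0.113.5.51234 -> 198.51.100.10.444: ack 2000000002
2024-01-15 09:12:04.300001 wan1 in 203.0.113.7.40010 -> 198.51.100.11.444: syn 1000000100
2024-01-15 09:12:05.300001 wan1 in 203.0.113.7.40010 -> 198.51.100.11.444: syn 1000000100
2024-01-15 09:12:07.300001 wan1 in 203.0.113.7.40010 -> 198.51.100.11.444: syn 1000000100
"""

# One header line: "<date> <time> <intf> <in|out> <src>.<sport> -> <dst>.<dport>: <tcp flags ...>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<intf>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>.*)$"
)


def classify_flows(sniffer_text, port=444):
    """Return {(client_ip, client_port, wan_ip): status} for traffic to `port`.

    status is "handshake" when a client SYN was answered by a SYN-ACK from the
    FortiGate, "syn_no_reply" when SYNs arrived but nothing went back out on that
    WAN IP, and "unknown" for flows where we only saw outbound or non-SYN packets.
    Hex-dump and banner lines (verbosity 6) do not match LINE_RE and are skipped.
    """
    flows = defaultdict(lambda: {"syn_in": 0, "synack_out": 0})
    for line in sniffer_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        flags = m["flags"].split()
        is_syn = bool(flags) and flags[0] == "syn"
        has_ack = "ack" in flags
        if m["dir"] == "in" and m["dport"] == str(port):
            # Client -> FortiGate: key on the client socket and the WAN IP it targeted.
            key = (m["src"], m["sport"], m["dst"])
            if is_syn and not has_ack:
                flows[key]["syn_in"] += 1
        elif m["dir"] == "out" and m["sport"] == str(port):
            # FortiGate -> client: same key, built from the reversed tuple.
            key = (m["dst"], m["dport"], m["src"])
            if is_syn and has_ack:
                flows[key]["synack_out"] += 1

    result = {}
    for key, f in flows.items():
        if f["syn_in"] and f["synack_out"]:
            result[key] = "handshake"
        elif f["syn_in"]:
            result[key] = "syn_no_reply"
        else:
            result[key] = "unknown"
    return result


def unresponsive_wan_ips(classified):
    """WAN IPs on which every observed client flow got no SYN-ACK back.

    Traffic reaching these addresses proves the ISP forwards port 444; the lack
    of any reply points at the FortiGate side (service not bound to that IP,
    a VIP/port-forward on 444, or source-address restrictions), not at the ISP.
    """
    by_wan = defaultdict(set)
    for (_, _, wan_ip), status in classified.items():
        by_wan[wan_ip].add(status)
    return sorted(ip for ip, statuses in by_wan.items() if statuses == {"syn_no_reply"})


if __name__ == "__main__":
    classified = classify_flows(SAMPLE_SNIFFER_OUTPUT)
    for (client, cport, wan_ip), status in sorted(classified.items()):
        print(f"{client}:{cport} -> {wan_ip}:444  {status}")
    print("WAN IPs with SYNs but no reply:", unresponsive_wan_ips(classified))
```

Feed it the saved sniffer output (verbosity 4 is enough; the verbosity-6 hex lines are ignored) and, if a WAN IP shows up in the unresponsive list, focus on that address: check it is among the interfaces the SSL VPN setting listens on, that no VIP claims port 444 on it, and the source-address options the reply above mentions.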