I have a LAN with 2 FGTs. SSLVPN coming in to FGT1 cannot reach FGT2 and server on FGT2. Not sure where my issue might be.
Did you add a route on FGT1 like this?
And on FGT2 like that?
And firewall rules on both FG1 and FG2 to allow the related traffic?
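The two routes and two policies this answer asks about, written out as an added FortiOS CLI example (not the poster's configuration, which is not on the page). Assumptions, all constructed: FGT1 is 192.168.1.1 on port2 and FGT2 is 192.168.1.2 on port1 of the shared LAN, the server subnet 192.168.20.0/24 sits behind FGT2 port2, the SSL VPN pool is 10.212.134.0/24, and the user group is named sslvpn-users.

```fortios
# Both units: address objects (every address, port and name here is constructed).
config firewall address
    edit "srv-net"
        set subnet 192.168.20.0 255.255.255.0
    next
    edit "sslvpn-pool"
        set subnet 10.212.134.0 255.255.255.0
    next
end
# FGT1: forward route to srv-net via FGT2, then the SSL VPN policy (NAT left off).
config router static
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set gateway 192.168.1.2
        set device "port2"
    next
end
config firewall policy
    edit 0
        set srcintf "ssl.root"
        set dstintf "port2"
        set srcaddr "sslvpn-pool"
        set dstaddr "srv-net"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "HTTPS" "PING"
    next
end
# FGT2: return route to the SSL VPN pool via FGT1 (192.168.1.1).
config router static
    edit 0
        set dst 10.212.134.0 255.255.255.0
        set gateway 192.168.1.1
        set device "port1"
    next
end
# FGT2: admit the same flow from the shared LAN to the server port.
config firewall policy
    edit 0
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "sslvpn-pool"
        set dstaddr "srv-net"
        set action accept
        set schedule "always"
        set service "HTTPS" "PING"
    next
end
```

Because the FGT1 policy does not NAT, FGT2 sees the pool addresses as the source, which is why it needs its own return route and policy; the services are limited to what the server needs plus ping for testing.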
Adding these static routes did the trick.
Hi ingchristo,
You can check the routing by the commands below.
get router info routing-table details <source>
get router info routing-table details <destination>
Run a packet capture and initiate traffic to see where the packet is dropped.
diag sniffer packet any 'host <source> and host <destination>' 4 0 l
Verify the Firewall policy based on the routing table.
Hi,
Can you please provide the routing table from FGT1 for a server?
get router info routing-table details x.x.x.x (server IP)
In addition, as previously mentioned, we need to have a firewall rule from SSLVPN to LAN with particular subnets.
If all configuration is fine, we would like to run the debug on both of the firewalls:
di de reset
di de flow filter clear
di de flow filter addr x.x.x.x (x is the server ip)
di de flow filter proto 1
di de flow trace start 999
di de en
Note: Please initiate the ping after applying the above debugs from the user who connects to the SSLVPN.
Hi,
You also have to check if the destination route is printed in the route print output on the device connected to the VPN. If routes are not present in the route print output, then split tunneling might be enabled and you might need to add the destination route to the split tunnel.
Thank you
Copyright 2024 Fortinet, Inc. All Rights Reserved.