andrei
New Contributor

Some VPN traffic is blocked by web filtering

Hello everyone,

I configured a site-to-site VPN between a FortiGate 1000C (main network of the company) and a FortiGate 60C. The VPN works fine, but I have a problem with traffic management. I have a server to which Sage Payroll users connected to the 60C firewall connect through the VPN tunnel. The problem is that some of the traffic from the hard Sage server is blocked when I enable web filtering and application control on the filtering policy of the LAN. It is impossible for users to export payroll files in PDF format from the Sage server, but as soon as I turn off application control and web filtering, exporting PDF files works.

I would not want to have to disable security options on my network to allow the application to work normally. Also, the Sage application works with several services using several different ports. How can I allow all traffic from my Sage server (public or private) through the VPN and the LAN-level filtering?

- FortiGate 1000C LAN: 192.168.0.0/16
- FortiGate 60C LAN: 192.168.2.0/24
Network & System Engineer OLAM GABON SA
Dipen
New Contributor III

You are saying that the application is not accessible when you enable the filtering policy on the LAN. Do you have the WebFilter UTM enabled on the LAN-IPSEC policy? Since the LAN-IPSEC policy does not involve the internet, WebFilter should not be required.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

andrei
New Contributor

Hi dear,

The application is accessible; users can connect to the application, but they cannot extract PDF files from the application when the WebFilter UTM is enabled on the LAN-WAN policy. There is no WebFilter UTM enabled on the LAN-IPSEC policy. Extraction of PDF files works only when I disable the WebFilter UTM on the LAN-WAN policy.
Network & System Engineer OLAM GABON SA
ruanbatista
New Contributor

Hello,

Can you send a basic diagram of this scenario? I think that your application tries to make some connection to the internet when transferring files. Is it generating a traffic log from LAN to WAN? If you disable application control only and keep the web filter, does it work?
Information Security Consultant FCNSA Setrix Information Security Skype: ruan_diego