Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mham
New Contributor

Ssl vpn to ipsec issues

Hi

 

I manage a larg group of remote workers and since the adoption of the ipsec from ssl vpn our ticketing system is on fire. 

Everyone complains about speed, slow , drops from rdp...etc... 

I am using an intermediary fortios 7.4.6 before I go to 7.6.4 but now I'm starting to regret. 

 

Anyone gone thru the same issue ? I have an active ticket with fortinet but wonder if any of you can share a fix if you  had same experience. 

 

I haven changed yet the tsp-mss and mtu setting as I am waiting to hear back from fortinet support. 

I am using latest version of forticlient not ems ...

 

Tx 

3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello,

We are still looking for someone to help you.

We will come back to you ASAP.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hi,

 

To address issues when migrating from SSL VPN to IPsec VPN, consider the following steps:

  1. Port Configuration: Ensure that the auth-ike-saml-port is not conflicting with the SSL VPN port. If SSL VPN is decommissioned, change its port to avoid conflicts.

  2. IPsec Tunnel Setup: Use the IPsec wizard to configure a new IPsec tunnel. Ensure the interface, pre-shared key, and user group are correctly set.

  3. Custom Tunnel Configuration: Convert the newly created IPsec tunnel to a custom tunnel and verify the parameters in the CLI, such as ike-version, peertype, proposal, and authusrgrp.

  4. Traffic Routing: If using split tunneling, ensure the remote subnet is included. For full tunnel configurations, no changes are needed in the SSL-VPN portal settings.

  5. Firewall Policies: Ensure existing firewall policies are updated to accommodate the new IPsec tunnel configuration.

  6. Testing and Validation: Test the IPsec VPN connection to ensure it is functioning as expected and troubleshoot any connectivity issues.

If issues persist, review the configuration for any discrepancies and ensure all settings align with the intended network design.

 
Anthony-Fortinet Community Team.
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors