Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

VPN Fortiproxy problem.

HI. I’m in a situation where I’m attempting to deploy Fortiproxy. I have users connecting to the proxy before they access the internet. I’m doing single sign on (passive) and I’m not seeing the IP addresses of their machines. All users appear as though they are using the IP address of the VPN end-point (username and IP are associated). Has anyone run into this problem before? vshare

Hey hodoknaru,

if you're doing passive authentication (FSSO or RSSO I assume?), then the IP information is picked up from whatever authentication FortiProxy (or Collector Agent) detects in the first place.

Do the users actually arrive at FortiProxy with that VPN source IP, or with the original IPs of their machines? What is the intended traffic flow?
It sounds a bit as if you have a setup "User (home/off-site) -> VPN -> HQ firewall/VPN gateway -> Proxy -> Internet"; is this correct?
Or is the VPN bit not supposed to be involved?
I would need to know a bit more about the intended flow of traffic, where users authenticate, and how FortiProxy picks up on it, to tell you why this could be happening.

In principle, if whatever authentication you have in place is associated with the VPN IP, then FortiProxy would likely see that via whatever passive authentication you have in place.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Top Kudoed Authors