Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
puzzopi
New Contributor

VPN Remote Access - not smb

Hi I new here.

Fortigate 900D, 6.2.6

SSL VPN login ok.

Non ping to internal servers.

If I try to \\172.16.xx.xx\ciao\miao from my client is not possible to view the share on the server.

In Policy and Object > Ipv4 policy I set "service" to ALL

 

Thanks

 

8 REPLIES 8
Toshi_Esumi
SuperUser
SuperUser

Can users ping the server IP?

puzzopi

The users cannot ping the servers but can go on the server via RDP:

- We cannot ping windows server from remote in vpn. The same servers are "pingable" on the lan.

- We can ping linux servers from remote in vpn and obviously on the lan.

 

Thank you in advance.

ede_pfau

I suspect the Windows firewall (software) might be active on the Win servers. You need to be able to ping the servers, this is a must. No ping, no other services.

Are you using the Forticlient SSL VPN in tunnel mode, or in web mode?

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
puzzopi
New Contributor

Hi, thanks for your reply.

I think is tunnel mode, with forticlient set in SSL-VPN on 443 port.

the strange thing is that before with a cisco asa and a cisco vpn it worked. Nothing was done on the servers

ede_pfau

Then it's related to the config, not the servers.

I can assure you that one can obtain decent SMB throughput via SSL-VPN on a FGT.

For testing, the policy is 'plain vanilla', i.e. without any UTM profile?

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Yurisk

If it is a tunnel mode VPN, start with checking the routing table of the PC after it connects to Fortigate VPN:

Win: cmd -> route print

Linux/Mac: netstat -rn

and make sure you see the server's networks listed to go via the Forticlient vpn adapter.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
puzzopi
New Contributor

@ede_pfau:

In the Policy and Object > Ipv4 policy, in the policy for access to this servers, in the Security Profiles, i have only "SSL no-ispection"

 

 @Yurisk:

Now I verify but I think that the route is present: the RDP works fine.

 

 

puzzopi

Hi guys,

it was Firewall component of Kaspersky!!!

I disabled it on these servers, re-enable windows firewall and the connections works fine!!!

I don't understand why before all worked fine. Problably some last Kaspersky update...

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors