friends can you help me with this query please:
I have been reported a user who accesses the VPN and cannot access internal company resources.
I have reviewed the logs and it is not observed blocking by the firewall (policy violation), I see that there is traffic but the action that is shown in the logs are:
* close
*timeout
*client-rst
* accept
What would be the reasons why the firewall has this action?
The internal ips are within the access policy and within the ssl portal. Also all the ports are "all", so I wouldn't know what the problem would be
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi there,
* close
*timeout
*client-rst
* accept
These actions are also part of normal operation, they don't necessarily indicate an issue.
Need to correlate some more outputs in order to determine if these events are an issue.
Please follow these troubleshooting steps:
If none of this helps, I would run the following debug on the firewall and filter for a src ip/dst ip/dst port.
This should show what is happening to the traffic.
I would also do a wireshark pcap on the client, that might help to see potential network/latency issues.
diag debug reset
diag debug app sslvpn -1
diag debug flow filter addr <CLIENT-IP-ADD>
and/or
diag debug flow filter daddr <DST-RESOURCE-IP>
and/or
diag debug flow filter daddr dport <RESOURCE-DST-PORT>
diag debug console timestamp enable
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug enable
diag debug flow trace start 1000
"di de di" to disable the debug
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.