Alexaders
New Contributor

VPN SSL with split tunnel disabled does not work properly

Hi everyone, I have a pretty big problem. When I created an SSL VPN with split tunnel disabled, the VPN connects and works, but it seems not to resolve DNS; in fact, if I ping the Google DNS 8.8.8.8, I get an "expired request". In practice I want all traffic to pass through the public IP of the firewall when I connect with the VPN. So when I go to a "What's my IP" site, I should get the firewall's IP and not my own public IP. Note that the VPN connects, works and I can also do Google searches, but when I open any website, it times out. In addition, if I ping from cmd, for example `ping google.it`, it only resolves IPv6 and not IPv4.


my configuration:

[configuration screenshots not included]

DNS servers are DC01 and DC02

[screenshots not included]

So when I go to look up my IP on any website, it must be 46.44.xx.xx and not my own public IP.

Thank You Guys

6 REPLIES
orani
Contributor II

You need a policy to allow traffic from SSLVPN to the wan1 interface with destination all.

Orestis Nikolaidis

Network Engineer/IT Administrator

Alexaders

orani wrote:

You need a policy to allow traffic from SSLVPN to the wan1 interface with destination all.

ok so I should change my policy like this:

Incoming interface: SSL VPN tunnel interface

Outgoing interface: WAN1

destination: all

????

orani

No. Do not change the policy you posted above. Create a new one with

incoming interface: sslvpn

outgoing interface: wan1

source: same as at your previous rule

destination: all

nat: enabled

Alexaders

not working

[screenshots not included]

As you can see, I can do searches on Google, but it seems that it does not manage to ping the DNS, and it also does not resolve the websites in IPv4. Where am I going wrong?

orani

This might be a DNS issue and not a FortiGate configuration issue.

lobstercreed
Valued Contributor

It looks to me like your tunnel mode config is handing out different IPs than what you are using in your policy as the source address. I know this is a very old thread so you've probably figured that out if that was the case, but if not I hope that helps.
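For readers who prefer the CLI, here is the FortiOS configuration that corresponds to orani's second reply (a separate ssl.root-to-wan1 policy with NAT) together with the point lobstercreed raises (the policy's source address must be the same object the tunnel-mode portal hands client IPs from). This is an added example, not configuration posted in the thread. It assumes the default SSL VPN interface name `ssl.root`, the default tunnel address object `SSLVPN_TUNNEL_ADDR1`, a portal named `full-access` and a user group named `sslvpn-group`; only `wan1` comes from the thread. It also assumes the existing ssl.root-to-LAN policy that reaches DC01/DC02 is left in place and permits DNS (UDP/TCP 53), since with split tunnelling disabled the clients resolve names through those servers.

```text
# Added example (not from the thread). Assumed names: ssl.root, SSLVPN_TUNNEL_ADDR1,
# portal "full-access", user group "sslvpn-group". wan1 is from the thread.

# 1. Tunnel-mode portal: split tunnelling off, client addresses taken from the pool.
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling disable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end

# 2. New policy: VPN clients -> Internet via wan1, source-NATed to the wan1 address.
#    srcaddr must be the same object as the portal's ip-pools, otherwise the
#    policy never matches and Internet-bound traffic (e.g. ping 8.8.8.8) is dropped.
config firewall policy
    edit 0
        set name "SSLVPN-to-Internet"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set groups "sslvpn-group"
        set logtraffic all
    next
end
```

To check the result, connect a client and run `ping 8.8.8.8`; on the FortiGate, `diagnose sniffer packet wan1 'host 8.8.8.8' 4` should show the ICMP echo leaving wan1 with the firewall's public address as its source. If nothing appears on wan1, the packet did not match this policy, and the first thing to compare is the portal's `ip-pools` against the policy's `srcaddr`.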
