Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rtuesca
New Contributor

Created on ‎11-03-2022 06:29 AM Edited on ‎11-03-2022 06:34 AM

VPN can connect but can't access shared folder

Hi all, Using Forticlient IPSec VPN to connect back to office network unable to access network shared Please help. The shared folder is only shared by domain PC. I can ping IP, nslookup and ping hostname of the PC.

 

Thank you

Regards,

RTuesca

Labels:
5563
0 Kudos
6 REPLIES 6
gfleming
Staff
Staff

Created on ‎11-03-2022 10:01 AM

Is your FW policy allowing access on SMB/file share protocol?

 

Is your PC local firewall preventing the traffic?

 

let's start there and then troubleshoot further...

Cheers,
Graham
5541
0 Kudos
rtuesca
New Contributor

Created on ‎11-03-2022 10:44 AM Edited on ‎11-03-2022 10:53 AM

Yes, as of the moment we allow all on the Forti and I also tried turning off the firewall of the shared PC but no luck on that one.

 

image.png

 

 

Thanks

RTuesca

5538
0 Kudos
gfleming
Staff
Staff
In response to rtuesca

Created on ‎11-03-2022 11:24 AM

It looks like you are accessing the file share using hostname instead of IP.

 

Can you please try with IP?

 

Chances are you will need to set up split DNS config on your VPN settings to be able to access resources using hostnames (note only FQDN will work).

Cheers,
Graham
5533
0 Kudos
rtuesca
New Contributor
In response to rtuesca

Created on ‎11-03-2022 11:32 AM Edited on ‎11-03-2022 11:33 AM

I've tried accessing it through IP still the same, What do you mean by setting up split DNS config on VPN settings? so I can raise this with our network engineer. I've also try accessing the shared PC via FQDN

 

DNS Config is this something can be done on forticlient VPN? or this is need to be done on the Fortigate Itself?

5533
0 Kudos
gfleming
Staff
Staff
In response to rtuesca

Created on ‎11-03-2022 12:05 PM

OK we need to see what's happening to the traffic on the FGT. Please issue the following commands:

 

diagnose debug enable
diagnose debug flow filter saddr (IP address of VPN client)
diagnose debug flow filter daddr (IP address of file server)
diagnose debug flow trace start 15

 

After issuing those commands please attempt connection to the file server and paste output here.

 

Here is info on split DNS: https://docs.fortinet.com/document/fortigate/7.2.2/administration-guide/988717/ssl-vpn-split-dns

 

 

Cheers,
Graham
5528
0 Kudos
rtuesca
New Contributor

Created on ‎11-07-2022 05:37 AM

Hi Gfleming,

 

We already figured out the error; it looks like the FW is blocking the traffic. but it's already working now. Thanks, your help is much appreciated.

 

Thanks

RTuesca

5477
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.