Hi all,
Using the FortiClient IPsec VPN to connect back to the office network, I am unable to access the network share. Please help. The shared folder is only shared by a domain PC. I can ping the IP, nslookup and ping the hostname of the PC.
Thank you
Regards,
RTuesca
Is your FW policy allowing access on SMB/file share protocol?
Is your PC local firewall preventing the traffic?
Let's start there and then troubleshoot further...
Yes, as of the moment we allow all on the Forti and I also tried turning off the firewall of the shared PC but no luck on that one.
Thanks
RTuesca
It looks like you are accessing the file share using hostname instead of IP.
Can you please try with IP?
Chances are you will need to set up split DNS config on your VPN settings to be able to access resources using hostnames (note only FQDN will work).
Created on 11-03-2022 11:32 AM Edited on 11-03-2022 11:33 AM
I've tried accessing it through the IP; still the same. What do you mean by setting up split DNS config on the VPN settings, so I can raise this with our network engineer? I've also tried accessing the shared PC via FQDN.
Is the DNS config something that can be done on the FortiClient VPN, or does it need to be done on the FortiGate itself?
OK we need to see what's happening to the traffic on the FGT. Please issue the following commands:
diagnose debug enable
diagnose debug flow filter saddr (IP address of VPN client)
diagnose debug flow filter daddr (IP address of file server)
diagnose debug flow trace start 15
After issuing those commands please attempt connection to the file server and paste output here.
Here is info on split DNS: https://docs.fortinet.com/document/fortigate/7.2.2/administration-guide/988717/ssl-vpn-split-dns
Hi Gfleming,
We already figured out the error; it looks like the FW is blocking the traffic, but it's already working now. Thanks, your help is much appreciated.
Thanks
RTuesca
Hi RTuesca,
It has been a long time, but I have the same problem with some clients. Do you remember what the solution was?
Thanks
hakbil
Hi Hakbil,
The issue was with the firewall. We monitored the traffic while attempting to map drives and added all blocked items to the firewall.
Hope this helps
Hi etuesca,
I am facing the same problem, and when I run the diagnostics I am getting the following error.
id=65308 trace_id=9 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=42, len=2"
id=65308 trace_id=9 func=get_new_addr line=1205 msg="find SNAT: IP-192.168.1.254(from IPPOOL), port-52445"
id=65308 trace_id=9 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
Can you please advise which rule is blocking here and how to check and fix that?
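Added example, not part of the original thread: a small Python parser for the `diagnose debug flow` output format quoted in the post above, which groups lines by trace_id and reports whether the packet was denied and by which policy ID. The function names are hypothetical; the sample input is the three lines from the post, and the reading of policy 0 as FortiOS's implicit deny (no configured policy matched the traffic) is stated in the code comment.

```python
import re
from collections import defaultdict

# Constructed sample: the three trace lines quoted in the post above.
SAMPLE = """\
id=65308 trace_id=9 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=42, len=2"
id=65308 trace_id=9 func=get_new_addr line=1205 msg="find SNAT: IP-192.168.1.254(from IPPOOL), port-52445"
id=65308 trace_id=9 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
"""

LINE_RE = re.compile(r'id=\d+ trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"\s*$')
DENY_RE = re.compile(r"Denied by (\w+) policy check \(policy (\d+)\)")
SNAT_RE = re.compile(r"find SNAT: IP-([\d.]+)\(from (\w+)\)")


def parse_trace(text):
    """Group debug flow lines by trace_id as lists of (func, msg)."""
    traces = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # ignore CLI prompts, blank lines and other non-trace output
            traces[int(m.group(1))].append((m.group(2), m.group(3)))
    return dict(traces)


def summarize(traces):
    """Return one verdict per traced packet, flagging policy denials."""
    results = []
    for tid, events in sorted(traces.items()):
        v = {"trace_id": tid, "denied": False, "policy_id": None,
             "snat_ip": None, "reason": None}
        for _func, msg in events:
            snat = SNAT_RE.search(msg)
            if snat:
                v["snat_ip"] = snat.group(1)
            deny = DENY_RE.search(msg)
            if deny:
                v["denied"], v["policy_id"] = True, int(deny.group(2))
                # Policy ID 0 is FortiOS's implicit deny: no configured policy matched.
                v["reason"] = ("implicit deny: no policy matched"
                               if v["policy_id"] == 0 else "explicit deny policy")
        results.append(v)
    return results


if __name__ == "__main__":
    for verdict in summarize(parse_trace(SAMPLE)):
        print(verdict)
```

A policy 0 verdict points to a missing policy rather than a blocking one: check that some policy covers the traced packet's incoming and outgoing interfaces, source and destination addresses, and service.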