VPN can connect but can't access shared folder
Hi all, I'm using FortiClient IPSec VPN to connect back to the office network, but I'm unable to access the network share. Please help. The shared folder is only shared by a domain PC. I can ping the IP, and nslookup and ping the hostname of the PC.
Thank you
Regards,
RTuesca
Labels: FortiClient
Is your FW policy allowing access on SMB/file share protocol?
Is your PC local firewall preventing the traffic?
Let's start there and then troubleshoot further...
Graham
Yes, as of the moment we allow all on the Forti and I also tried turning off the firewall of the shared PC but no luck on that one.
Thanks
RTuesca
It looks like you are accessing the file share using hostname instead of IP.
Can you please try with IP?
Chances are you will need to set up split DNS config on your VPN settings to be able to access resources using hostnames (note only FQDN will work).
Graham
Created on 11-03-2022 11:32 AM, edited on 11-03-2022 11:33 AM
I've tried accessing it through IP; still the same. What do you mean by setting up split DNS config on VPN settings, so I can raise this with our network engineer? I've also tried accessing the shared PC via FQDN.
Is the DNS config something that can be done on FortiClient VPN, or does this need to be done on the FortiGate itself?
OK we need to see what's happening to the traffic on the FGT. Please issue the following commands:
diagnose debug enable
diagnose debug flow filter saddr (IP address of VPN client)
diagnose debug flow filter daddr (IP address of file server)
diagnose debug flow trace start 15
After issuing those commands please attempt connection to the file server and paste output here.
Here is info on split DNS: https://docs.fortinet.com/document/fortigate/7.2.2/administration-guide/988717/ssl-vpn-split-dns
Graham
Hi Gfleming,
We already figured out the error; it looks like the FW is blocking the traffic, but it's already working now. Thanks, your help is much appreciated.
Thanks
RTuesca
Hi RTuesca,
It has been a long time, but I have the same problem with some clients. Do you remember what the solution was?
Thanks
hakbil
Hi Hakbil,
The issue was with the firewall. We monitored the traffic while attempting to map drives and added all blocked items to the firewall.
Hope this helps
Hi etuesca,
I am facing the same problem, and when I run the diagnostics I am getting the following error.
id=65308 trace_id=9 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=42, len=2"
id=65308 trace_id=9 func=get_new_addr line=1205 msg="find SNAT: IP-192.168.1.254(from IPPOOL), port-52445"
id=65308 trace_id=9 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
Can you please guide me on what rule is blocking here and how to check and fix that?
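
For reading debug flow output like the lines quoted in the post above, here is an added example (not code from any poster or from Fortinet) that groups lines by trace_id and pulls out the SNAT decision and the deny verdict. In FortiOS, policy ID 0 is the implicit deny, meaning no configured firewall policy matched the packet; the function names are hypothetical and only the two message forms quoted in this thread are parsed.

```python
import re

# Constructed sample: the three debug flow lines quoted in the thread.
SAMPLE = """\
id=65308 trace_id=9 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=42, len=2"
id=65308 trace_id=9 func=get_new_addr line=1205 msg="find SNAT: IP-192.168.1.254(from IPPOOL), port-52445"
id=65308 trace_id=9 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
"""

LINE_RE = re.compile(r'id=\d+ trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"\s*$')
SNAT_RE = re.compile(r'find SNAT: IP-([\d.]+)\(from (\w+)\), port-(\d+)')
DENY_RE = re.compile(r'Denied by (\w+) policy check \(policy (\d+)\)')


def summarize_traces(text):
    """Group debug flow lines by trace_id; record SNAT and deny verdict."""
    traces = {}
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # skip prompts, blank lines, unrelated output
        trace_id, func, msg = int(m.group(1)), m.group(2), m.group(3)
        t = traces.setdefault(trace_id, {"funcs": [], "snat": None, "deny": None})
        t["funcs"].append(func)
        snat = SNAT_RE.search(msg)
        if snat:
            t["snat"] = {"ip": snat.group(1), "source": snat.group(2),
                         "port": int(snat.group(3))}
        deny = DENY_RE.search(msg)
        if deny:
            policy_id = int(deny.group(2))
            # Policy 0 is the implicit deny: no configured policy matched.
            t["deny"] = {"stage": deny.group(1), "policy_id": policy_id,
                         "implicit_deny": policy_id == 0}
    return traces


def explain(trace_id, t):
    """One-line triage hint for a parsed trace."""
    if t["deny"] is None:
        return f"trace {trace_id}: no deny message seen"
    if t["deny"]["implicit_deny"]:
        return (f"trace {trace_id}: dropped at {t['deny']['stage']} check by implicit "
                "deny; no policy matches this source, destination, service and interfaces")
    return f"trace {trace_id}: denied by policy {t['deny']['policy_id']}; review that policy"


if __name__ == "__main__":
    for tid, t in summarize_traces(SAMPLE).items():
        print(explain(tid, t))
```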
