Hi guys! Here is a issue with Fortigate200F(7.4.1) - ipsec vpn lpdap users randomly cant get access(cant even ping) to various internal sources after establishing connection cause of sudden implicit deny, locally created users have no such problem at all though. They both are in the same group, under same policy. Its strange how that rule doesnt work for AD users sometimes. Any guesses?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi
Does the related policy use FSSO as source?
I guess the blocked traffic shows IP without user, right?
@AEK wrote:Hi
Does the related policy use FSSO as source?
I guess the blocked traffic shows IP without user, right?
The policy contains VPN ip range and group of imported ldap users with local users as source. Blocked traffic shows Source/Source Country/Region/Source Interface/Device ID/User in details, when Accepted - same with addition of Source NAT IP/Source NAT Port and Group
What do you mean by: The policy contains "group of imported ldap users with local users as source" ?
Are you using IKEv1 or 2 ?
Hi @Zoxan,
Do you mean IPsec VPN users are able to connect but can't access internal resource? You need to run debug flow to see why it is being dropped: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Regards,
Hello, if you can share debug output that will be more useful to troubleshoot
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.