- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- WAN VLAN Port forwarding and SSL VPN
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WAN VLAN Port forwarding and SSL VPN
Hi everyone,
few days ago i configured on my FGT60E the WAN1 internet connection ftth via PPPoE on a VLAN ID XXX (vlan id provided by the connectivity provider).
The physical router of the old connection fttc has been removed.
Unfortunately, the SSL VPN portal is unreachable.
And port redirection also doesn't work... (80, 443 directed to the lan) :((
I updated the VIP, by entering the address assigned to me by the PPPoE negotiation in the external ip but it doesn't work anyway... what am i missing? I have never worked with wan connections that have VLANs.
Thank you all.
Labels:
- Labels:
-
FortiGate
13 REPLIES 13
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
anyone have any ideas? I have a bad headache and I don't know where to look anymore.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Flamba1,
did you configure a VLAN interface on top of the WAN interface to handle the VLAN tagging?
If yes, you might need to ensure that your VIPs and SSLVPN use the VLAN interface in their configuration, not the physical interface.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
outbound traffic works, the authentication works and i see the public ip that is assigned to me.
on the physical interface wan1 i set a manual ip 0.0.0.0
but i don't understand this very well:
"you might need to ensure that your VIPs and SSLVPN use the VLAN interface in their configuration"
on my internal interface i have no vlan.
in the virtual ip configuration i set on interface the VLAN on wan1
in the external ip of the vip i set the public IP assigned by the provider.
in the internal ip of the vip i set the ip address of a machine on my internal network .
then i created the ipv4 policy...
am i wrong something?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Flamba:
- regarding your SSLVPN, you can set what interface it listens on. Set the VLAN interface.
- regarding your VIP, you can set an external interface; you already selected the VLAN interface?
That should be all that is required (in addition to policies from VLAN interface to internal with destination VIP, and SSLVPN interface to internal).
As long as your provider tags the traffic properly, FortiGate should treat it as arriving on the VLAN interface.
If the traffic is untagged, FortiGate will treat it as belonging to the WAN interface though - you might need a packet capture to verify that the traffic IS actually tagged (or check with your ISP if they use VLAN tags or not).
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
all correct ... not working.
later i try to do a packet capture.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry to hear that you're still having issues.
I would suggest two packet captures - on your WAN interface, and your VLAN interface. You should see roughly the same traffic on them; if there is a difference (especially with incoming traffic) that could mean traffic is not actually hitting the VLAN interface (probably missing VLAN tag), for example.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
if missing VLAN tag what i can do ?
I think this is the problem.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey flamba,
in that case, FortiGate would assume the traffic is arriving on the WAN interface only, and your VIP etc would need to use the WAN interface, not the VLAN interface; FortiGate needs the VLAN tag in traffic to determine that traffic belongs to a VLAN interface.
Verify with your ISP if they tag the VLAN or not. If they do not, then just don't do any VLAN config on FGT. If they do tag the VLAN, but you still have the issue, that probably needs more troubleshooting than a forum post can provide; I would suggest you open a ticket with Technical Support.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
problem solved!!! in the vlan configuration there was an incorrect distance value ... !!!!!!!!!!!
Related Posts
- fortigate ipsec s2s VPN with starlink... 39 Views
- are excessive tcp reset errors related... 31 Views
- Split Session sync / heartbeat 34 Views
- DHCP on a Fortiswitch 124F from... 144 Views
- How to configure physical internal switch... 128 Views
Labels
-
FortiGate
6,597 -
FortiClient
1,315 -
5.2
801 -
5.4
639 -
FortiManager
570 -
FortiAnalyzer
417 -
6.0
416 -
5.6
362 -
FortiSwitch
338 -
FortiAP
337 -
FortiClient EMS
268 -
6.2
251 -
FortiMail
247 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
73 -
FortiToken
72 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
62 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
26 -
Firewall policy
25 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
High Availability
21 -
FortiConverter
21 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
Interface
13 -
FortiDDoS
13 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Application control
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.