Hey guys,
I am trying to add a web server hosted on AWS so that it can be accessed through the VPN.
Currently running a split tunnel and would like the web server requests to be routed through the split tunnel. I added the public IP of the server to the active VPN portal and also added the address to the SSL-VPN policy, but this does not seem to work. I feel like I am missing something but am not sure what.
The web server is accessible and confirmed; this is more for internal remote users to be able to access the server. Running a FortiGate 60E.
Any help is much appreciated.
Hello @Dhwanil!
By your description everything seems to be fine and it should be working. But can you share your configuration?
The setup for this is simple. If you add the IP of the server to the "Routing Address" field in the image below, the traffic to the server from devices connected to the VPN should pass through your firewall. Of course, only if there is a policy allowing it.
Let me know if this helped.
Thank you, yeah, I appended the server IP address to the same existing policy that is present for the SSL VPN. Is there any other policy I should check? My configuration seems to be the same as the picture you posted. I also tried to run traceroute to see what the difference was, as I have an on-premise web server as well which is behind the tunnel, and it does not seem to be able to get to the AWS server at all. Even my SSH to the server seems to be failing when I put the IP behind the tunnel, so I am guessing I am missing something somewhere.
Also, do you think I need to make any more changes to the firewall to be able to access that? As I suspect, I would not require anything more than the VPN policy to be modified, as internal network devices can access the server anyway.
I got it to work; there was a firewall configuration in the policies blocking my way. I appreciate you taking the time to reply.
Hi Dhwanil, I am facing the same issue. Can you please let me know which firewall config was blocking the way in the policy?
Glad it's working!
@Timur1
Follow this link and execute the debug flow commands to check which policy is blocking your traffic:
Debugging the packet flow | FortiGate / FortiOS 7.4.1 | Fortinet Document Library
Executing the debug flow commands, you will find the matching policy; then try to edit that one.
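Editor's worked example (not posted by anyone in this thread and not Fortinet's own documentation): the CLI equivalent of the two replies above, i.e. the "Routing Address" step from the first answer followed by the debug flow check from the last one. Every IP, object, interface, group and portal name below is an assumption chosen for illustration; 203.0.113.10 is a documentation-range address standing in for the AWS server's public IP. The policy section also carries one caveat the thread itself does not confirm but that commonly explains this symptom: a public destination reached through the split tunnel leaves the FortiGate via the WAN interface, so the usual ssl.root-to-LAN SSL-VPN policy never matches it and a second policy towards the WAN interface (with NAT) is needed.

```fortios
# 1. Address object for the AWS web server.
#    IP assumed (documentation range); replace with the real public IP.
config firewall address
    edit "aws-webserver"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# 2. Split-tunnel portal. Only the listed routing addresses are sent into the
#    tunnel; everything else leaves through the client's own uplink.
#    Portal name and the "internal-lan" object are assumed.
config vpn ssl web portal
    edit "split-tunnel-portal"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "internal-lan" "aws-webserver"
    next
end

# 3. Policy. Assumption: the existing SSL-VPN policy is ssl.root -> lan, so
#    adding a public IP to its dstaddr matches nothing, because the route to
#    203.0.113.10 points out of wan1. This second policy covers that path.
#    NAT is enabled so replies from AWS return to the FortiGate's public IP.
#    Interface, user-group and address-object names are assumed.
config firewall policy
    edit 0
        set name "sslvpn-to-aws-web"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "aws-webserver"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "HTTPS" "SSH"
        set nat enable
    next
end

# 4. Verification with debug flow (the procedure the linked document
#    describes). Filter on the server IP and TCP so only the relevant
#    packets are traced, then connect from a VPN client.
diagnose debug flow filter clear
diagnose debug flow filter addr 203.0.113.10
diagnose debug flow filter proto 6
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
diagnose debug flow trace start 100
diagnose debug enable
# ... from the VPN client: curl -k https://203.0.113.10/  or  ssh user@203.0.113.10
# Illustrative wording of what to look for (paraphrased, not captured output):
#   "find a route: ... via wan1"   then   "Allowed by Policy-<id>"   -> working
#   "Denied by forward policy check (policy 0)"  -> no policy matched; check
#        srcintf/dstintf/dstaddr of the SSL-VPN policy against the route above
#   "reverse path check fail"                    -> routing/RPF problem; check
#        that the IP really is in the portal's routing address list
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset
```

The route that debug flow prints is the quickest way to tell which destination interface the policy must use: if it says wan1 while the only SSL-VPN policy has dstintf set to the LAN interface, no amount of editing that policy's destination addresses will make it match.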
Copyright 2024 Fortinet, Inc. All Rights Reserved.