configuration VPN SSL
Friends, a question:
Is it possible to configure a VPN client with the feature that they must browse the Internet with the public IP of the office?
In my FW the SSL VPN is already configured. What I did was create a portal, then create the policy as shown in the image below. But when I test the connection to the VPN I lose my internet.
Labels: FortiClient, FortiGate
Hi @unknown1020
Have you enabled NAT on the firewall policy?
If you have found a solution, please like and accept it to make it easily accessible for others.
Hello, I already enabled the NAT policy and it works on my PC, that is, when I connect I do have internet. One question, how do I know that I am browsing with the office's public IP?
Would it be in this option?
Hi @unknown1020.
If you want to allow internet traffic of users to pass through your office FortiGate, you need to disable split tunneling. You must configure two policies: SSLVPN to Internal Interface and SSLVPN to WAN interface. You may refer to the following links:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Disabling-Split-Tunnel-configuration/ta-p/...
Regards,
MP
Is that OK?
One question, how do I know that I am browsing with the office's public IP?
Would it be in this option?
Hi @unknown1020
Basic checks that I would do are the following:
1. Check that the forward traffic logs show that it matches the policy for SSLVPN to WAN.
2. Check whatsmyip from your browser. You should be getting FortiGate's public IP address.
3. Trace route from PC.
4. Run sniffer/debug on FortiGate.
5. Check session:
diag sys session filter src <source IP address>
diag sys session list
Regards,
MP
I ran a test on my PC and managed to connect to the VPN, however other users lost their internet. Why does that happen? Is it a VPN or computer issue?
Hi @unknown1020.
1. Please check the web portal that they are assigned to.
2. Check the policy.
Regards,
MP
You can run this in CMD on Windows:
tracert www.bbc.com
It will list the routing hops you need to traverse to reach the destination.
You will understand what IP address is used to go out to the internet and if this is the required one.
If you have found a solution, please like and accept it to make it easily accessible for others.
Hi @unknown1020,
Please make sure you have a firewall policy to allow traffic from ssl.root to your wan interface.
Regards
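
The three settings suggested in this thread (split tunneling disabled on the portal, a policy from ssl.root to the WAN interface, and NAT on that policy), combined into one FortiOS CLI sketch. This is an added example, not configuration posted by any participant or taken from Fortinet documentation. The portal name "full-access", the interface "wan1", the user group "SSLVPN-Users" and the address object "SSLVPN_TUNNEL_ADDR1" are assumptions; substitute the names used on your own FortiGate.

```fortios
# Assumed object names: full-access, wan1, SSLVPN-Users, SSLVPN_TUNNEL_ADDR1.

# 1. Portal: full tunnel. With "set split-tunneling enable" only the
#    routed office subnets enter the tunnel and Internet traffic keeps
#    leaving through the client's own ISP connection.
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling disable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end

# 2. Policy: VPN clients to the Internet, source-NATed to the WAN
#    address so that they egress with the office public IP.
#    Without "set nat enable" the private tunnel addresses are not
#    translated and connected users lose Internet access.
config firewall policy
    edit 0
        set name "SSLVPN-to-Internet"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set groups "SSLVPN-Users"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        # Log every session so the forward traffic log shows which
        # policy the VPN client's Internet traffic matched.
        set logtraffic all
    next
end
```

Users mapped to a different portal or group do not match this portal or policy, which is why the portal assignment and the policy are the first things to check when only some users lose Internet access. Access to office subnets still needs its own ssl.root to internal policy.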
