Greetings,
We'd like to access the Internet, say google.com, with an SSL VPN established to the FortiGate, but we got an error like the one below.
A user without an SSL VPN connection has no such problem.
The SSL VPN connection is used for laptops from another country.
The connection path is:
The laptop is connected to the FortiGate via SSL VPN; split-tunneling is disabled.
An SD-WAN rule is configured on the FortiGate for Internet-bound traffic.
1. ssl vpn portal:
fw-01 $ show vpn ssl web portal "test_townhall"
config vpn ssl web portal
    edit "test_townhall"
        set tunnel-mode enable
        set forticlient-download disable
        set ip-pools "sslvpn_test_townhall"
        set split-tunneling disable
    next
end
2. ssl vpn settings:
fw-01 $ show vpn ssl settings
config vpn ssl settings
    set ssl-client-renegotiation enable
    set servercert "sevpn.companydomain.com"
    set auth-timeout 36000
    set login-block-time 120
    set login-timeout 60
    set tunnel-ip-pools "SSL-VPN-sitename-10.77.252.0/22" "sslvpn_test_townhall" !!we are using "sslvpn_test_townhall" as the address pool in this case.
    set dns-server1 10.250.7.x
    set dns-server2 10.250.7.x
    set port 443
    set source-interface "Internet"
    set source-address "all"
    set source-address6 "all"
    set default-portal "Forticlient-splittunneling"
    config authentication-rule
        edit 2
            set groups "sslvpn-saml-standard"
            set portal "Forticlient-splittunneling"
        next
        edit 6
            set groups "test_townhall" !!we set the group "test_townhall" in this case
            set portal "test_townhall" !!we are using "test_townhall" portal in this case
        next
    end
end
3. firewall policy
Could you please advise?
Hello Sean3
I think this looks like a DNS issue, like if www.google.com in your network resolves to an IP of a facebook site.
What do you get when you click "Continue to www.google.com"?