sean3
New Contributor III

remote internet access with ssl vpn is not working: your connection isn't private

greetings,

we'd like to access the Internet, say, google.com, with ssl vpn established to Fortigate, but we got an error like the one below.

but the user without ssl vpn connection has no such problem.

ssl vpn connection is used for laptops from another country.

[Screenshot: your connection is not private.PNG]

the connection path is:

laptop connected with fortigate via ssl vpn, split-tunneling is disabled.

an SD-WAN rule is configured on fortigate for Internet bound traffic.

1. ssl vpn portal:

fw-01 $ show vpn ssl web portal "test_townhall"
config vpn ssl web portal
    edit "test_townhall"
        set tunnel-mode enable
        set forticlient-download disable
        set ip-pools "sslvpn_test_townhall"
        set split-tunneling disable
    next
end

2. ssl vpn settings:

fw-01 $ show vpn ssl settings
config vpn ssl settings
    set ssl-client-renegotiation enable
    set servercert "sevpn.companydomain.com"
    set auth-timeout 36000
    set login-block-time 120
    set login-timeout 60
    set tunnel-ip-pools "SSL-VPN-sitename-10.77.252.0/22" "sslvpn_test_townhall" !!we are using "sslvpn_test_townhall" as the address pool in this case.
    set dns-server1 10.250.7.x
    set dns-server2 10.250.7.x
    set port 443
    set source-interface "Internet"
    set source-address "all"
    set source-address6 "all"
    set default-portal "Forticlient-splittunneling"
    config authentication-rule
        edit 2
            set groups "sslvpn-saml-standard"
            set portal "Forticlient-splittunneling"
        next
        edit 6
            set groups "test_townhall" !!we set the group "test_townhall" in this case
            set portal "test_townhall" !!we are using "test_townhall" portal in this case
        next
    end
end

3. firewall policy

[Screenshot: townhall firewall policy.PNG]

could you please advise?

mpandya
Staff

Check the date and time on your computer to see if it is real time. If it's wrong, reset it properly and try again.
If the date and time on the computer are correct, this error is caused by an expired SSL certificate.

Also, open this URL in private mode in the browser.
AEK
SuperUser

Hello Sean3

I think this looks like a DNS issue, like if www.google.com in your network resolves to an IP of a facebook site.

What do you get when you click "Continue to www.google.com"?

AEK
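
To tell the causes suggested in the replies apart (wrong client clock, expired certificate, or a certificate that belongs to a different site), the following added example, which is not part of any forum post, classifies a certificate given in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`. The two certificates, their dates, and the helper names `name_matches` and `triage` are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

def name_matches(hostname, cert):
    """True if hostname matches a DNS subjectAltName (one left-most wildcard label allowed)."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # "*.example.net" covers exactly one extra label, e.g. "a.example.net"
        if pattern.startswith("*.") and pattern[2:] and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def triage(hostname, cert, now):
    """Return the reasons a client at time `now` would reject `cert` for `hostname`."""
    ts = now.timestamp()
    findings = []
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not-yet-valid")   # client clock is probably behind
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")         # expired certificate, or client clock ahead
    if not name_matches(hostname, cert):
        findings.append("name-mismatch")   # answer came from a different site (DNS or redirect)
    return findings

# Constructed sample certificates (not captured from any real server).
SAMPLE_OK = {
    "subjectAltName": (("DNS", "www.google.com"),),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Apr 08 00:00:00 2024 GMT",
}
SAMPLE_OTHER_SITE = {
    "subjectAltName": (("DNS", "*.example.net"), ("DNS", "example.net")),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Apr 08 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    clock = datetime(2024, 2, 1, tzinfo=timezone.utc)
    for label, cert in (("ok", SAMPLE_OK), ("other-site", SAMPLE_OTHER_SITE)):
        print(label, triage("www.google.com", cert, clock) or "no findings")
```

An empty result for both the date and name checks means neither reply's explanation applies to the certificate being examined.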