Hello, I'm running into one issue concerning a laptop connecting with SSL
VPN to a FortiGate. The setup makes use of OSPF routing. The default
routing for all traffic goes thru FG-A. FortiGate FG-B is the entry point
for SSL VPN. Since all traffic has a ...

Hello, I run into issues with a "simple" policy. Here are some screenshots to
explain the problem. One policy 16 that allows all from "dial-up" to
"root-vpn0". Counters going up: Policy lookup failed for one I am sure
that one should match the above one ID...

Even with policy routes, you have to know the source IP address. Which
are dynamic IP addresses of different providers. I found a possibility
under:
    config vpn ssl settings
    set auto-tunnel-static-route enable
But that does not work (yet).

Found the problem. An upstream FortiGate had a static
route. Troubleshooting this issue, I used "Policy Lookup" on a downstream
FortiGate, the FortiGate where I worked on. This one finally didn't have
an issue. But, why didn't the Policy Lookup work? H...

The "diagnose debug flow" gives an "Allowed by Policy-16", the correct
policy. Here is the output of 2 times the diagnose firewall iprope lookup:
FG100D-D (root) # diagnose firewall iprope lookup 10.63.1.3 61628
171.22.67.34 443 6 dial-up doesn't match ...