Re: SSL VPN - Web mode disabled, but Forticlient c...

kkhushdeep · 10-13-2024

Description This article explains how to delete IPSec phase 2 selector from the CLI of the FortiGate if there is no option to delete it from GUI. Scope FortiGate Solution In this example name of the phase2 selector of the IPSec tunnel is 'FGT_VPNIPSE...

kkhushdeep · 08-15-2024

Description This article explains a situation where the OSPF neighbor is in a FULL state, yet no routes are being advertised from the FortiGate. Scope FortiGate. Solution In the routing table, the neighbor's state is displayed, and if it shows a FULL...

kkhushdeep · 08-10-2024

Description This article describes the issue where the 'Media Stream' subcategory under 'Bandwidth Consuming' is blocked, yet streaming media websites remain accessible. Scope FortiGate. Solution To Block the streaming media by using a web filter pro...

kkhushdeep · 08-06-2024

Description This article describes the steps to troubleshoot the VPN connection issues when FortiClient gets stuck in Connecting without any error. Scope FortiClient. Solution When FortiClient is stuck at 'connecting' the reason could be reachability...

kkhushdeep · 08-06-2024

Description This article discusses the difficulties in adding the SSL VPN interface to an existing security policy that already contains one or more source interfaces. Scope FortiGate. Solution In instances where have highly detailed policies for use...

kkhushdeep · 07-31-2024

Hello, If you want to restrict access for the vpn by using local-in-policy please check the below configuration example. Configure the policy to allow traffic from the specific source addresses. config firewall local-in-policy edit 0 set intf "WAN" <...

kkhushdeep · 07-30-2024

Hello, You can try connecting to the web mode from this device once, to isolate the problem to FCT. Kindly also run a packet capture on the wan interface of the fortigate with the public ip of the user that is unable to connect.You can check the foll...

kkhushdeep · 07-29-2024

Hello Team, After hiding the SSL VPN login page (on v 7.4.1 and below) or disabling it globally (v7.4.2 and above), it is expected to see every failed authentication for SSL VPN flagged with 'tunnel Type ssl-web'. The log does not mean an authenticat...

kkhushdeep · 07-23-2024

In addition to the previous update you can check with the following commands if the traffic is coming to the fortigate for this traffic: dia sniffer packet any " host x.x.x.x and host y.y.y.y " 4 0 l <------ x.x.x.x should be the ip address that you ...

kkhushdeep · 07-23-2024

Please check if you are using named address objects in the phase2 selectors and try to use direct subnet and separate phase2 selectors instead of named objects.It is possible to configure mesh-selector-type.mesh-selector-type {disable | subnet | host...

User Statistics

User Activity

Technical Tip: To Delete IPSec VPN tunnel Phase2 selector from FortiGate CLI

Troubleshooting Tip: OSPF Neighborship in FULL state but no routes are received or advertised to the neighbor

Technical Tip: How to block media streaming using web filter Bandwidth Consuming category when other categories are still allowed

Technical Tip: FortiClient getting stuck at 'Connecting'

Technical Tip: To use SSL VPN interface along with other interfaces as a source in the multiple interface policy

Re: Policy-in-policy question

Re: will not allow me to connect the FortiClient