FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to solve an issue where configuring an Internet service to permit SSL VPN web mode traffic to the Internet using ISDB (Internet Service Database) results in failures. Users may experience 'Access Denied' errors and see the message 'The proxy server could not handle the request.
Scope
FortiGate.
Solution
The FortiGate SSL VPN web mode feature was not designed to support 'Internet Service' on firewall policy, as it primarily functions as a reverse proxy meant for internal organizational services. Attempting to use SSL VPN web mode to access the Internet is not its intended use.
'Internet Service'/ ISDB functionality for SSL VPN web mode is not supported, and it is not recommended to use SSL VPN web mode for internet access.
Alternatively, it is possible to use SSL VPN tunnel mode which fully supports ISDB, or use FQDNs instead.
Additional Information:
Fortinet will not provide further enhancements to support ISDB with SSL-VPN web mode.
Clients insisting on using SSL VPN web mode for internet access are advised that this feature is not intended for this purpose.
