Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Christian_89
New Contributor III

Fortigate SSLVPN TEAM

Hi, everyone

I have the following problem.
FortiVM02 customer arrives in a full tunnel with SSLVPN.
If the customer has video conferences via Teams, this does not work. Team breaks down.
In the office without SSLVPN it is not a problem.
I have SIP ALG disabled.
Have any of you experienced this yourself or know where the dog is buried?

Greeting

Christian

12 REPLIES 12
jintrah_FTNT
Staff
Staff

Hi,

 

Did you mean that all traffic from client would reach FortiGate (ie, no split tunneling used)? If so, is there a policy from ssl interface to wan interface? And if it did, does it have any security profiles?

 

Best regards,

Jin

Christian_89

Hello Jin I set up a full tunnel. I have no sec on the rule of SSLVPN-> WAN. profile active.

vsahu
Staff
Staff

Hello,

Are you using SDWAN if you can you create a rule with a Single interface only for the SSL VPN users and check

 

Regards,

Regards,
Vishal Sahu
Christian_89
New Contributor III

Hello Vsahu 
I don't use SDWAN.

vsahu
Staff
Staff

Hello,

 

Can you create a new policy on the top of the existing one for the SSL VPN Teams Access, Use Internet service as a Destination and add the Microsoft-Skype_Teams. Disable all the UTM and check the behavior.
Teams.PNG

Regards,
Vishal Sahu
Christian_89
New Contributor III

 Hi Vsahu

I configured the rule to any.
Isn't that the same as configuring the Internet Service?

I have now created a rule with the Internet Service.

Greeting

Christian

vsahu
Staff
Staff

Hello Christian,

 

If you had the policy with All as the destination it should not cause any issues with the respected traffic, but it's sometimes better to segregate the Services which are having the issue and check the behavior that's why I suggested the same.

Regards,
Vishal Sahu
alif
Staff
Staff

Hi Christian,

 

If your company allows, you can also enable split tunneling. In this way, only the LAN traffic will traverse via SSL VPN while the Internet traffic will go via local Internet of the connected user.

 

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/307303/ssl-vpn-split-tunnel-for-remote-u...

Regards,
SFA
seshuganesh
Staff
Staff

Hi Team,

 

SIP alg is not related to microsoft teams.

If you experience teams call issue with ssl vpn, that could be because of bandwidth issue.

Can you create interface widget for wan interface

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/496187/fortiview-application-bandwid...

You can use this article and check for interface bandwidth widget.

Also, can you check if there is any DOS policy configured for the firewall?