Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
David_P28
New Contributor II

Created on ‎10-23-2020 07:25 AM

Internet access on VPN SSL with tunnel mode

Hi,

I am using SSL VPN connection with split tunneling desactivated. I also use a WAN LLB interface.

My pb is that i can access to the local network, but i cannot access to Internet. So, i need to create an firewull rule with ssl.root in incomming interface and my WAN LLB link in outgoing interface. But in the outgoing interface list, i cannot see my LLB link ? 

Can you please help me to understant why ?

Thank you.

David.

4172
0 Kudos
5 REPLIES 5
boneyard
Valued Contributor

Created on ‎10-24-2020 04:11 AM

WAN LLB isn't a term anymore in newer FortiOS versions, which one are you using?

 

it is is a newer 5.6+ you are probably looking for the sdwan interface.

 

if not then adding a screenshot might help us understand and point out what you want.

3119
0 Kudos
David_P28
New Contributor II
In response to boneyard

Created on ‎10-26-2020 12:41 AM

Thank you for your reply,

i know that LLB is not used anymore and was replaced by SDWan. And my problem is not with that feature (who works well). I just wanted to know why i cannot select WAN interface in my policy (ssl.root to WAN) to allow internet access from SSL connections to the office internet access.

Do you have an idea ?

(the firmware migration is planned)

3118
0 Kudos
boneyard
Valued Contributor
In response to David_P28

Created on ‎10-26-2020 11:47 AM

my idea is that because WAN is a part of the LLB / SD-WAN interface, making it impossible to select part of that interface.

 

a screenshot of your available interfaces would help a lot with pointing it out.

3118
0 Kudos
David_P28
New Contributor II
In response to boneyard

Created on ‎10-27-2020 12:40 AM

Yes, the WAN interface is member of LLB link. But does it mean that i cannot set a policy to allow traffic from ssl.root interface to remote WAN ?

You can find below 2 screenshots of the available interfaces. If i select Internal, i can choose LLB for outgoing interface, but if i choose ssl.root, it disappears.

https://postimg.cc/D8RwXz5W

https://postimg.cc/HJgW6Pqd

 

 

[image]https://forum.fortinet.com/[/image][image]https://forum.fortinet.com/[/image]

3118
0 Kudos
boneyard
Valued Contributor
In response to David_P28

Created on ‎10-27-2020 11:26 AM

ok, like that, to me that feels like a bug, or some older default behaviour for LLB.

 

this older questions says it is an issue in 5.4 which is solved in 5.6

 

https://forum.fortinet.com/tm.aspx?m=150355

3118
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.