Support Forum
teodorf
New Contributor II

VPN not going through FG in transparent mode

Hello everyone, we have a problem with a Fortigate 60B with firmware 4.0 MR1 working in transparent mode. Here is the picture:

    LAN <--> FG (transparent) <--> Gateway/Firewall (Linux) <--> internet
                                            ^
                                            |
                                     web proxy (8080)

The FG is used ONLY as a WebFiltering solution. The problem is that when in transparent mode the outside users cannot use VPN anymore. There are no VLANs or STP in use for this network. Any idea what could be the problem? Maybe because by default a Fortigate unit in transparent mode isn't forwarding non-ARP broadcast frames?
abelio
SuperUser

hello and welcome
The problem is that when in transparent mode the outside users cannot use VPN anymore.
Why not? IPSec is still available in TP mode.
Maybe because by default a Fortigate unit in transparent mode isn't forwarding non-ARP broadcast frames?
I'm not sure if I understand which exactly is your issue; VPN or anything else

regards / Abel
teodorf
New Contributor II

Hello, the Fortigate is working in transparent mode at a client for a demo. It does ONLY webfiltering. VPN is made by a Linux box. They said that their users were unable to connect from outside the network to the VPN after the FG has been put in line like in the picture. I'm not sure what could be the problem for this issue. Regards, teodorf
rocampo

Do you have a policy in the firewall to allow TCP port 8080? Are the web browsers configured explicitly to use the proxy on the linux box?
teodorf
New Contributor II

Yes, I had a firewall policy to allow TCP 8080 (actually the firewall policy was to permit all, but with AV scanning and Web Guard Filtering in the profile). Also the browsers were configured to use the proxy on the linux box. We kind of solved this problem by putting the Fortigate in front of the router (LAN <-> Gateway <-> Fortigate (transparent mode) <-> Internet). Regards, teodorf
ede_pfau
SuperUser

We kind of solved this problem by putting the Fortigate in front of the router (LAN <-> Gateway <-> Fortigate (transparent mode) <-> Internet).
woaa...hope your demo is finished soon. Did you think of allowing ESP in? This is not a TCP protocol. Besides, IPSec can use UDP/500 and UDP/4500 (when NAT-T). As you didn't mention the kind of VPN in use this is wild guessing again...

Ede

"Kernel panic: Aiee, killing interrupt handler!"
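The point Ede makes above (IPsec needs ESP, IKE on UDP/500 and NAT-T on UDP/4500, none of which a TCP-only rule covers) can be checked mechanically before a demo. The following is an added example, not code from the thread or from Fortinet: a tiny first-match policy evaluator with an implicit deny, run over a constructed list of the flows an IPsec peer and the web proxy generate. The rule and flow shapes are invented for illustration and are not FortiGate configuration syntax; the protocol numbers and ports are the standard IANA values.

```python
"""Added example: does a TCP-only firewall policy block an IPsec VPN?

Rule/Flow formats are constructed for this illustration; they are not
FortiGate syntax.  Protocol numbers follow IANA assignments.
"""
from dataclasses import dataclass
from typing import List, Optional

PROTO_TCP = 6
PROTO_UDP = 17
PROTO_ESP = 50   # ESP is its own IP protocol; it carries no port numbers


@dataclass(frozen=True)
class Rule:
    proto: Optional[int]      # None matches any IP protocol
    dst_port: Optional[int]   # None matches any port (the only option for ESP)


@dataclass(frozen=True)
class Flow:
    name: str
    proto: int
    dst_port: Optional[int]   # None for protocols that have no ports


def allowed(flow: Flow, policy: List[Rule]) -> bool:
    """First matching rule permits the flow; no match means implicit deny."""
    for rule in policy:
        if rule.proto is not None and rule.proto != flow.proto:
            continue
        if rule.dst_port is not None and rule.dst_port != flow.dst_port:
            continue
        return True
    return False


def blocked_flows(policy: List[Rule], flows: List[Flow]) -> List[str]:
    """Names of the flows the policy would drop, in input order."""
    return [f.name for f in flows if not allowed(f, policy)]


# Constructed sample: what an IPsec peer sends, plus the proxy traffic
IPSEC_FLOWS = [
    Flow("IKE (UDP/500)", PROTO_UDP, 500),
    Flow("IKE NAT-T / ESP-in-UDP (UDP/4500)", PROTO_UDP, 4500),
    Flow("ESP (IP proto 50)", PROTO_ESP, None),
    Flow("web proxy (TCP/8080)", PROTO_TCP, 8080),
]

# Weak: only the proxy port is permitted, so every IPsec component is dropped
TCP_ONLY_POLICY = [Rule(PROTO_TCP, 8080)]

# Corrected: proxy port plus IKE, NAT-T and ESP
VPN_AWARE_POLICY = [
    Rule(PROTO_TCP, 8080),
    Rule(PROTO_UDP, 500),
    Rule(PROTO_UDP, 4500),
    Rule(PROTO_ESP, None),
]

# The thread's "permit all" policy, which passes everything at this layer
PERMIT_ALL_POLICY = [Rule(None, None)]

if __name__ == "__main__":
    for label, policy in [("tcp-only", TCP_ONLY_POLICY),
                          ("vpn-aware", VPN_AWARE_POLICY),
                          ("permit-all", PERMIT_ALL_POLICY)]:
        print(f"{label}: blocked = {blocked_flows(policy, IPSEC_FLOWS)}")
```

Running it shows the TCP-only policy dropping all three IPsec flows while the VPN-aware and permit-all policies pass them, which matches teodorf's observation that a permit-all rule did not by itself explain the outage: if the policy layer passes everything, the next thing to look at is whether ESP (a non-TCP, non-UDP protocol) is actually being forwarded in transparent mode.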