SSL-VPN Realm - issue with setup...

Author
djg
2017/05/22 01:53:45 (permalink)

We are trying to implement SSL-VPN Realms and are running into an issue.
 
When we try to create a new realm, the URL defaults to the inside interface. We have tried to find a way to manually change the URL to use the correct interface, which is actually the DMZ interface (that interface is the connection to the outside, we are behind another firewall).
 
  • We have SSL-VPN Web Portal working fine. We are able to access and use the portal fine. We are just having issues with implementing realms.
  • The DMZ-interface is defined in the SSL-VPN settings as the interface to listen on, and again, it is working fine.
  • The issue is when we create a new realm, it listens on the inside interface.
We have searched in both the GUI and CLI and it does not seem there is a way to manually define the complete URL. Also, we are unable to locate anywhere to manually set the interface that the SSL-VPN Realm uses. We are unable to determine why it is defaulting to the inside interface even though in the SSL-VPN settings it is listening on the DMZ-interface.
 
We also created a ticket with Fortinet and hope they will have an answer. Just thought we would reach out to the forum to see if anyone else has run across this issue and found a solution. If we resolve the issue with Fortinet, we will post the fix here.
 
THANKS!
#1


    djg
    Re: SSL-VPN Realm - issue with setup... 2017/05/22 07:36:40 (permalink)
    We were able to resolve the issue by deleting and recreating the realms and recreating the Authentication/Portal mappings under SSL-VPN settings.
    #2
    Toshi Esumi
    Re: SSL-VPN Realm - issue with setup... 2017/05/22 08:21:20 (permalink)
    Sounds like a bug, but what's the model and OS version?
    #3
    emnoc
    Re: SSL-VPN Realm - issue with setup... 2017/05/22 08:43:42 (permalink)
    I don't think this is a bug, btw. How did you set the realm? And do you have any auth-rules?
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #4
    djg
    Re: SSL-VPN Realm - issue with setup... 2017/05/22 09:18:35 (permalink)
    Model: FortiGate 500D
    FW Version: v5.4.4,build1117 (GA)
    #5
    emnoc
    Re: SSL-VPN Realm - issue with setup... 2017/05/22 09:49:10 (permalink)
    I'll test it for you later tonight. What interfaces do you have SSL-VPN enabled on? (I'm assuming more than one.)
     
    Ken
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #6
    djg
    Re: SSL-VPN Realm - issue with setup... 2017/05/22 11:07:25 (permalink)
    I should have been more clear in my previous posts, sorry.
     
    We had an SSL-VPN setup with a realm for mobile client users set up and working. On Friday, it just stopped working.
     
    Specifically, iOS devices were unable to connect via FortiClient using the realm set for tunnel mode. Android FortiClient users were still working on that realm, and so were the SSL-VPN Web users that connected via browser. After a reboot of the firewalls, no mobile client users were able to connect, but the SSL-VPN Web users were still working fine.
    While troubleshooting the issue, we noticed that the link shown for the URL was referencing the inside interface. We had mistakenly thought this was specifying the actual URL users were supposed to use to connect, but it turned out to be just an example URL. This is why the post referenced manually setting the interface for the URL.
     
    We later determined the example URL was based on the interface you logged into the firewall on:
     
                           
     
    And confirmed by accessing from a different interface:
     

     
    We confused the example URL as an informative section like the SSL-VPN port listened on set under the SSL-VPN settings page:
     
     
     
    As part of our troubleshooting process we deleted/recreated the SSL-VPN realms and deleted/recreated the users/groups under Authentication/Portal Mapping on the SSL-VPN Settings page. We had not noticed this had resolved the issue as we were focused on the non-issue of the example URL.
     
    I hope this clears up any confusion.
    #7
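
As an added illustration (not posted by anyone in this thread), these are the FortiOS CLI objects that correspond to what was deleted and recreated above: the realm entry, and the Authentication/Portal Mapping that binds a user group and portal to that realm. The interface, port, realm, group and portal names are constructed placeholders. The listening interface is set under `config vpn ssl settings`; the realm entry is keyed by its URL path, so users reach it at `https://<listening-interface-address>:<port>/<realm>` regardless of which interface the admin GUI was opened on.

```text
# Constructed example: "dmz", 10443, "mobile", "mobile-users" and
# "tunnel-access" are placeholder values, not taken from the thread.
config vpn ssl web realm
    edit "mobile"
    next
end
config vpn ssl settings
    set source-interface "dmz"
    set port 10443
    config authentication-rule
        edit 1
            set groups "mobile-users"
            set portal "tunnel-access"
            set realm "mobile"
        next
    end
end
```

Running `show vpn ssl settings` and `show vpn ssl web realm` afterwards lets you confirm that each authentication rule still references a realm that exists.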
    Edwin
    Re: SSL-VPN Realm - issue with setup... 2019/10/22 01:41:49 (permalink)
    Thanks DJG,  3
     
    I had the same issue
    #8