Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vasugk
New Contributor III

SSL VPN configuration on fortigate 60d behind Peplink loadbalancer

Hi I'm New to fortigate, I am trying to configure SSL VPN I am confused because my fortigate placed behind my peplink load balancer, Can any one guide me how configure my SSL VPN. 

 

Regards,

Vas 

7 REPLIES 7
vasugk
New Contributor III

Manage to configure SSL VPN but unable to login from forticlient, 

 

error:

 "Unable to logon to the server. Your login credentials not be configured properly (-12)".

Fullmoon

is this your topology? ISP-Peplink<-private network->Fortigate-LAN.

I assume Peplink provided private address to your Fortigate WANx interface. pls confirm. ;)

just follow ssl vpn procedure,now configured peplink to do port forwarding to Fortigate WANx interface ip address.

 

This is my workaround if I do implem using Fortigate behind FortiWAN device. So to test, if this is working type https://peplinkpublicaddress:10443 to any browsers

caveat: test this outside of your network

Fortigate Newbie

Fortigate Newbie
vasugk
New Contributor III

Hi Fullmoon,

 

Yes my topology ISP-Peplink<-private network->Fortigate-LAN. yes Peplink provided private address to my fortigate WANx interface.

 

Regards,

Vas

Fullmoon

then you may try my workaround posted above

Fortigate Newbie

Fortigate Newbie
emnoc
Esteemed Contributor III

1:Your problem does not seem to be   SLB issues but you need further diagnostics to determine that

2: have you ran diag debug flow commands when a client is attempting to connect does he/she match the expected policies

3: is the forticlient actually  hitting the SSLvpn thru the SLB

4: did you run  any  other diagnostics

 

e.g

 

diag deug en

diag debug  application sslvpn -1

diag sniffer packet < interface SSLVPN is enabled on...fgt>  " port <insert that service port>"

 

 

Do you see a remote client hitting the sslvpn?

what the client address? ( is the SLB SNAT for example )

does your policy(s) allow for it

etc.......

 

 

follow the trouble-shoot route base on what you see or don't see ( if  the SLB is not delivering the FClient to the   fgt ....."trouble shoot the SLB", vrs if your getting to the FGT and can't authenticate  " trouble-shoot the   FGT SSLVPN settings and policies" )

 

 

Ken

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
vasugk
New Contributor III

Hi Fullmoon,

 

Its worked for me thanks for your support.

 

Reg

vas

vasugk
New Contributor III

Hi,

We are able to connect to SSL VPN but unable to connect to my network drive is there anyway I can connect my drives.

 

Regards,

vas

Labels
Top Kudoed Authors