Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ran_Dee
New Contributor

Accessing Share Drive and Other Resources

This post might be a little long, but I'm providing a brief back story (which might not necessarily be needed for everyone). Feel free to skip down. I'm still digging into networking more and more. I'm not necessarily a novice when it comes to networking, but I'm not an expert yet. I'm working on learning more and more. Thanks in advance.

 

Our facility was using some FortiGate appliances. I'm not sure which ones. They were white. Those were managed by a third-party independent contractor. He used all of the EMS, firewall, etc. (A special note: Our former company did not use MSPs. We had individual skilled techs at each of our three buildings. Some knew more than others.) The parent company decided to finally sell our building. When we were sold, they took the FortiGate and put us back on our Cisco ASA. The new MSP was not prepared to use that and decided to bring in a FortiGate 200B device. I explained that we needed VPN for select users. I also explained we needed LDAP auth for those users so we could just put them into the AD group and they could connect. After connecting, they would primarily need access to our share drive to review documents as needed. They really do not need anything else. Me, on the other hand, if I VPN in, I will need access to all of my servers and resources. I sometimes used the FortiClient app to connect and then used RD Client to get to my servers while I was out. Well, it's not working correctly...

 

The MSP tech configured IPsec VPN with a PSK. I was able to connect with that, but still not access any network resources. He didn't know how to do the method of using AD security groups to allow auth into VPN. I spent an entire day learning about Fortinet and our FortiGate 200B. I followed some online resources and was able to configure the SSL VPN. After following the online resource (here) I now have two new policies. I did a test this morning and I was still able to connect after disabling #18 in the picture below. There was no real rhyme or reason to that particular test, I just wanted to try it out.

 

Long story short... While on SSL VPN authenticated with LDAP, I can connect, but I can't get to any network resources using RD Client on my mobile device and I cannot connect to the share drive using the desktop shortcut. I tried accessing using hostnames and IP addresses. This made me feel like it was related to DNS at first. Now, I'm thinking it's related to a policy. 

 

 

 

Here are the two new policies: 

 

I've spent so many hours trying to get this to work and I don't think we should pay our MSP to try to configure this if his tech has already admitted he doesn't know how to. I'm very capable of getting this done, but I'm stuck. 

 

Can someone please assist in helping me determine the cause and solution to using the SSL VPN to connect and access network resources like the share drive? Thanks!

 

---- Randy

"Jack of many trades, master of few."

 

1 REPLY
Ran_Dee
New Contributor

This is resolved. I received help from a person outside of here. 

 

Basically, I created new groups and new policies that point to the correct VLAN resources, and I'm good to go. That's the shortest way to say it, but this one is solved. Thanks for your views.

 

----------------------

 

Randy
