[Solved] VPN-SSL listening on DMZ port, WAN is private IP = Error

Author
Adrien
2018/06/08 06:12:57 (permalink) 5.6

Hi All,
 
I'm in a "specific" case where my WAN interface IP is private (I'm in a metropolitan network) and is used only to interconnect my networks using static routes.
My DMZ public subnet is on the "DMZ" interface/VLAN.
I use SSL-VPN in Web and Tunnel mode. SSL-VPN is listening on the DMZ interface.

In this case, when I'm on the WAN side, I can connect to the web SSL, enter my login and password, and after a successful login I get a white page: (https://myforti.mydomain.net/sslvpn/portal.html)... With FortiClient SSL, it returns an empty error after a few seconds.

When located in a LAN subnet, it works as expected.
A VPN connection to the private WAN interface IP works too (but I need to be located in the MAN; it can't work from the WAN because of the private IP).

I suspect an internal routing anomaly. Do you have a solution without using Vdom?
 
Regards
post edited by Adrien - 2018/06/20 08:01:58
#1


    rwpatterson
    Re: VPN-SSL listening on DMZ port, WAN is private IP = White page 2018/06/08 07:01:58 (permalink)
    Check your routing distances. The SSL VPN route distance needs to be shorter than the default gateway distance.

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.18-b0689
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #2
    Adrien
    Re: VPN-SSL listening on DMZ port, WAN is private IP = White page 2018/06/15 01:35:22 (permalink)
    Hi,
    Thanks for your help! Sorry for the delay...
    I was enthusiastic about that, but that does not solve the issue :'(

    Static routes tab:
    Subnet             Gateway       Interface                             Distance   Priority
    0.0.0.0/0          10.249.0.1    Metropolitan_NET (wan1)               15         0
    172.20.130.0/23                  SSL-VPN tunnel interface (ssl.root)   10         0
     
    Other ideas?
    Regards
    post edited by Adrien - 2018/06/15 01:37:42
    #3
    Adrien
    Re: VPN-SSL listening on DMZ port, WAN is private IP = White page 2018/06/15 04:33:57 (permalink)
    Here is a sample:

    post edited by Adrien - 2018/06/17 23:49:11
    #4
    Adrien
    Re: VPN-SSL listening on DMZ port, WAN is private IP = White page 2018/06/20 08:00:08 (permalink)
    Issue solved by Fortinet Support.
    In my configuration I have to add this to the config file:
     
    firewall # config vpn ssl settings 
    firewall (settings) # 
    firewall (settings) # set route-source-interface enable 
    #5
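
As an added example (not part of the thread and not Fortinet code), the Python check below reads a FortiOS-style config backup and flags the situation discussed here: SSL-VPN listening on an interface that no default route uses while `route-source-interface` is not enabled. The sample config is constructed from the values posted above; the `set source-interface` key, treating a static route without `set dst` as the default route, and treating an absent `route-source-interface` as not enabled are assumptions about the backup format.

```python
# Constructed sample modelled on the thread (not taken from a real device):
# SSL-VPN listens on "dmz" while the default route leaves via "wan1".
SAMPLE_CONFIG = """
config vpn ssl settings
    set source-interface "dmz"
end
config router static
    edit 1
        set gateway 10.249.0.1
        set distance 15
        set device "wan1"
    next
    edit 2
        set dst 172.20.130.0 255.255.254.0
        set device "ssl.root"
    next
end
"""

def parse(text):
    """Map (section, entry id or None) -> {key: [values]}; nested tables are skipped."""
    out, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        tok = [t.strip('"') for t in raw.split()] or [""]
        if tok[0] == "config" and section is None:
            section, entry = " ".join(tok[1:]), None
        elif tok[0] == "config":
            depth += 1  # a table nested inside the current one
        elif tok[0] == "end":
            depth, section = (depth - 1, section) if depth else (0, None)
        elif depth == 0 and section and tok[0] == "edit":
            entry = tok[1]
        elif depth == 0 and section and tok[0] == "next":
            entry = None
        elif depth == 0 and section and tok[0] == "set" and len(tok) > 2:
            out.setdefault((section, entry), {})[tok[1]] = tok[2:]
    return out

def off_path_listeners(text):
    """Listen interfaces that no default route uses, unless route-source-interface is enabled."""
    cfg = parse(text)
    ssl = cfg.get(("vpn ssl settings", None), {})
    if ssl.get("route-source-interface", ["disable"])[0] == "enable":
        return []
    defaults = {v["device"][0] for (sec, eid), v in cfg.items()
                if sec == "router static" and eid and "device" in v
                and " ".join(v.get("dst", ["0.0.0.0/0"])) in ("0.0.0.0/0", "0.0.0.0 0.0.0.0")}
    return sorted(set(ssl.get("source-interface", [])) - defaults)
```

A non-empty result names the listening interfaces to review; an empty list means either the setting is enabled or every listening interface is also a default-route device.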