Hi All,
I'm in a "specific" case where my WAN interface IP is private (I'm in a metropolitan network) and is used only to interconnect my networks using static routes.
My DMZ public subnet is on the "DMZ" interface/VLAN. I use SSL-VPN in Web and Tunnel mode. SSL-VPN is listening on the DMZ interface. In this case, when I'm on the WAN side, I can connect to the web SSL, enter my login and password, and after a successful login I get a white page: (https://myforti.mydomain.net/sslvpn/portal.html)... With FortiClient SSL, it returns an empty error after a few seconds.
When located in a LAN subnet, it works as expected. VPN connection to the private WAN interface IP works too (but I need to be located in the MAN; it can't work from the WAN because of the private IP).
I suspect an internal routing anomaly. Do you have a solution without using Vdom?
Regards
Check your routing distances. The SSL VPN route distance needs to be shorter than the default gateway distance.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Hi,
Thanks for your help! Sorry for the delay...
I was enthusiastic about that, but that does not solve the issue :'(
Static routes tab:
Subnet / Gateway
0.0.0.0/0, 10.249.0.1, Metropolitan_NET (wan1), Distance: 15, Priority: 0
172.20.130.0/23, SSL-VPN tunnel interface (ssl.root), Distance: 10, Priority: 0
Other ideas? Regards
Here is a sample:
Issue solved by Fortinet Support. In my configuration I have to add this in the config file:
firewall # config vpn ssl settings
firewall (settings) # set route-source-interface enable