WEBUI over ipsec
I have a strange issue.
- Two locations (on different continent) connected via ipsec-vpn.
- Both sites have FGT60D os 6.0.3
- The tunnelinterface have assigned IP-address (Local/Remote) with subnet 255.255.255.255-mask
- The remote site have some policybased routing since some internet-traffic must be routed via internet-connection on HQ.
Everything works fine; both site2site-traffic, and traffic from remote site via HQ to internet. The performence is as expected.
But the FGT-webUI will not load from remote site via the ipsec; the certifcate warning occour as normal but after that nothing is happening. I have tried different browser (Chrome, Edge etc) with same result. I have done some "diag sniffer packet"-sniffing and the packet seems to be routed correctly. When I do rdp-to a comuter on remote site I am able to connect the webUI on the same IP as I failed connect to from the other end. This is the same in both direction; both from remote site to [link=mailto:FGT@HQ]FGT@HQ[/link] and from HQ to [link=mailto:FGT@remote]FGT@remote[/link].
SSH to the Fortigate is working normal over ipsec.
Where could I start digging?
post edited by Yngve0 - 2019/01/06 12:40:41