Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alexaders
New Contributor

Created on ‎09-23-2019 11:11 AM

VPN SSL with split tunnel disabled does not work properly

Hi everyone, I have a pretty big problem. Then I created an SSL VPN with Split tunnel disabled, the vpn connects and works, but it seems not to resolve the DNS, in fact if I poodle the google 8.8.8.8 dns, I get an "expired request" In practice I wish that when I connect with the VPN, all traffic must pass through the public IP of the firewall. So when I'm going to do a "WhatsMyip", I have to get the IP from the firewall and not my public. I remember that the VPN connects, works and I can also do Google searches, but when I enter any website, it times out. In addition, if I ping with cmd example: ping google.it only resolve ipv6 and not ipv4 .

 

my configuration:

 

 

 

DNS Server is DC01 E DC02

 

 

 

 

So when I go to resolve my ip, on any website, it must be 46.44.xx.xx and not my public ip

 

Thank You Guys

Preview file
41 KB
4276
0 Kudos
6 REPLIES 6
orani
Contributor II

Created on ‎09-23-2019 02:31 PM

You need a policy to allow traffic form SSLVPN to wan1 interface and destination all.

Orestis Nikolaidis

Network Engineer/IT Administrator

Orestis Nikolaidis Network Engineer/IT Administrator
2292
0 Kudos
Alexaders
New Contributor
In response to orani

Created on ‎09-23-2019 03:35 PM

orani wrote:

You need a policy to allow traffic form SSLVPN to wan1 interface and destination all.

ok so I should change my policy like this:

 

Incoming Interface : ssl vpn tunnel interface:

Outgoing inteferface : WAN1

destination: all

????

2292
0 Kudos
orani
Contributor II
In response to Alexaders

Created on ‎09-23-2019 08:42 PM

No. Do not change the policy you posted above. Create a new one with

 

incoming interface: sslvpn

outgoing interface: wan1

source: same as at your previous rule

destination: all

nat: enabled

Orestis Nikolaidis

Network Engineer/IT Administrator

Orestis Nikolaidis Network Engineer/IT Administrator
2292
0 Kudos
Alexaders
New Contributor
In response to orani

Created on ‎09-24-2019 12:35 AM

not working

 

 

 

as you can see, I can do searches on google, but it seems that it does not risk pinging the dns, also it does not resolve the websites in ipv4. Where am I doing wrong?

2292
0 Kudos
orani
Contributor II
In response to Alexaders

Created on ‎09-24-2019 12:54 PM

This might be a dns issue and not a fortigate configuration issue

Orestis Nikolaidis

Network Engineer/IT Administrator

Orestis Nikolaidis Network Engineer/IT Administrator
2292
0 Kudos
lobstercreed
Valued Contributor
In response to orani

Created on ‎05-31-2020 01:08 PM

It looks to me like your tunnel mode config is handing out different IPs than what you are using in your policy as the source address.  I know this is a very old thread so you've probably figured that out if that was the case, but if not I hope that helps.

2292
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.