No HTTP or HTTPS when connect to a remote VPN

Author
nfonz23
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/03/14 23:55:43
  • Status: offline
2020/03/15 00:08:31 (permalink)
0

No HTTP or HTTPS when connect to a remote VPN

Hi guys,
 
New to the forum and just started playing with a new Fortigate 60E which I'm looking to replace our office router with.
I have set up the Fortigate and everything is working perfectly besides 1 issue and a question.

I have set up the IPv4 Policies to allow DNS, HTTP and HTTPS which are working great, the problem starts when I connect to another remote VPN service through the Fortigate. The VPN connects and I can access services on the remote VPN's network but HTTP and HTTPS stop on my local computer (i can still ping remote address, google etc). I disconnect the VPN and all is good again. 
I'm assuming this is a firewall rule I need to tweak? (picture of my IPV4 Policies are attached). I even enabled the Allow all rule I created (for testing) and it still doesn't fix it

My question also, if I only have 3 rules in IPv4 Policies for DNS, HTTP and HTTP, shouldn't have the VPN I was trying to connect to failed to connect? I would have thought that it would be blocked by default if I haven't made a rule to allow it?
 
 
Thank!

Attached Image(s)

#1

4 Replies Related Threads

    ede_pfau
    Expert Member
    • Total Posts : 6241
    • Scores: 522
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: No HTTP or HTTPS when connect to a remote VPN 2020/03/15 04:47:14 (permalink)
    0
    I wonder which kind of VPN you are talking about. Certainly, there is no policy connecting your LAN to it. Which kind of is magic.
    Please supply more info on the way your VPN is set up, in general and on the FGT (IPsec, SSLVPN, Windows??).

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
    lobstercreed
    Gold Member
    • Total Posts : 162
    • Scores: 21
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: No HTTP or HTTPS when connect to a remote VPN 2020/03/15 05:36:21 (permalink)
    0
    Hi Nathan,
     
    It seems pretty clear to me that the remote VPN service you're connecting to is SSL-VPN, which runs over HTTPS.  This is precisely one of the reasons SSL-VPN became so popular: it works even on networks that only allow basic web traffic.
     
    As to why you lose the ability to do anything else locally when you connect to this VPN, either:
    • The routes on their side are overlapping with your LAN network, or
    • They're not split-tunneling and requiring ALL traffic to go through their network.  You can check this by doing a traceroute to Google and seeing if it goes directly out your local LAN/WAN or if it goes across their VPN first.
    Hope this helps!  - Daniel
    #3
    nfonz23
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/14 23:55:43
    • Status: offline
    Re: No HTTP or HTTPS when connect to a remote VPN 2020/03/16 00:19:00 (permalink)
    0
    Thanks for your replies

    I don't think it overlaps with their LAN as the VPN works fine when I take the FortiGate out of our network and put the old router back in place. Same with the split-tunneling, if I put the old router back in place (untangled virtual appliance) everything works fine.
     
    Is there a way to capture the traffic going through the fortigate from my local LAN address? So I can capture at which point it's being blocked/stopping?

    Also you were right the VPN is SSTP (SSL), Thanks!
    post edited by nfonz23 - 2020/03/16 00:20:05
    #4
    lobstercreed
    Gold Member
    • Total Posts : 162
    • Scores: 21
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: No HTTP or HTTPS when connect to a remote VPN 2020/03/22 22:31:39 (permalink)
    0
    Did you ever figure this out?  I can't think of anything else right now that would match those symptoms.  I assume other users can still access the internet fine when you're connected to this remote SSL-VPN on your computer?
     
    As far as capturing, there is a Packet Capture feature in the GUI that might help.  I don't think the FortiGate is getting the packets though if it only happens when you turn on the remote VPN.  Is it a DNS issue?  You did mention you can still ping certain remote addresses...by name or IP only?
    #5
    Jump to:
    © 2020 APG vNext Commercial Version 5.5