Internet access on VPN SSL with tunnel mode

Author
David P28
2020/10/23 07:25:29 (permalink)
0

Internet access on VPN SSL with tunnel mode

Hi,
I am using an SSL VPN connection with split tunneling deactivated. I also use a WAN LLB interface.
My problem is that I can access the local network, but I cannot access the Internet. So, I need to create a firewall rule with ssl.root as the incoming interface and my WAN LLB link as the outgoing interface. But in the outgoing interface list, I cannot see my LLB link?
Can you please help me to understand why?
Thank you.
David.
#1


    boneyard
    Re: Internet access on VPN SSL with tunnel mode 2020/10/24 04:11:42 (permalink)
    0
    WAN LLB isn't a term anymore in newer FortiOS versions, which one are you using?
     
    if it is a newer 5.6+ you are probably looking for the sdwan interface.
     
    if not then adding a screenshot might help us understand and point out what you want.
    #2
    David P28
    Re: Internet access on VPN SSL with tunnel mode 2020/10/26 00:41:17 (permalink)
    0
    Thank you for your reply,
    I know that LLB is not used anymore and was replaced by SDWan. And my problem is not with that feature (which works well). I just wanted to know why I cannot select the WAN interface in my policy (ssl.root to WAN) to allow internet access from SSL connections to the office internet access.
    Do you have an idea?
    (the firmware migration is planned)
    #3
    boneyard
    Re: Internet access on VPN SSL with tunnel mode 2020/10/26 11:47:54 (permalink)
    0
    my idea is that because WAN is a part of the LLB / SD-WAN interface, making it impossible to select part of that interface.
     
    a screenshot of your available interfaces would help a lot with pointing it out.
    #4
    David P28
    Re: Internet access on VPN SSL with tunnel mode 2020/10/27 00:40:51 (permalink)
    0
    Yes, the WAN interface is a member of the LLB link. But does it mean that I cannot set a policy to allow traffic from the ssl.root interface to the remote WAN?
    You can find below 2 screenshots of the available interfaces. If I select Internal, I can choose LLB for the outgoing interface, but if I choose ssl.root, it disappears.
    https://postimg.cc/D8RwXz5W
    https://postimg.cc/HJgW6Pqd
     
     

    #5
    boneyard
    Re: Internet access on VPN SSL with tunnel mode 2020/10/27 11:26:16 (permalink)
    0
    ok, like that, to me that feels like a bug, or some older default behaviour for LLB.
     
    this older question says it is an issue in 5.4 which is solved in 5.6
     
    https://forum.fortinet.com/tm.aspx?m=150355
    #6