Transparent Mode Not allowed VPN user

Helmi Salim Lv1Posted 02 Aug 2023 08:52

Hi Newbie here,

Below is a topology diagram depicting the installation ofNGAF in transparent mode. NGAF is utilized for traffic monitoring and reportingpurposes. The configuration is functioning smoothly, allowing users to accessthe internet. Additionally, FortiGate acts as the DHCP server, successfullyproviding IP addresses for local users. However, an issue arises when it comesto VPN users. Upon installing NGAF in between, VPN users can only access theNGAF IP and are unable to reach any IP beyond NGAF. This is a flat network, utilizing a default single VLAN.

Any sifoo here can help me. Thank you




9023564c9a3b4b54ba.png (41.69 KB, Downloads: 452)

9023564c9a3b4b54ba.png

isabelita has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Turn on System>Troubleshooting>Global Passthrough and Analysis.
Allow the user to reconnect to the SSL VPN and view the log.
Please share the screenshot with us if possible. You can conceal private information such as your public IP address, for example.
Is this answer helpful?
Zonger Lv5Posted 13 Aug 2023 07:15
  
It seems like you're describing a network topology with an NGAF (Next-Generation Application Firewall) installed in transparent mode that is causing issues for VPN users.

In a transparent mode deployment, the NGAF might not have routing configured to properly handle VPN traffic. Ensure that the NGAF is configured to route VPN traffic correctly to and from the VPN users and the rest of the network.
jerome_itable Lv3Posted 09 Aug 2023 09:43
  
It sounds like you're encountering connectivity issues with VPN users when NGAF (Next-Generation Firewall) is placed in between the VPN users and the rest of the network. There could be several reasons for this behavior. Here are a few troubleshooting steps you could consider:

    Routing Configuration: Check the routing configuration on the NGAF and the devices on the network. Ensure that proper routes are set up to allow traffic to flow from VPN users through NGAF to the rest of the network and vice versa.

    NAT (Network Address Translation): Ensure that NAT rules on the NGAF are properly configured to translate internal IP addresses to the NGAF's external IP address as the traffic passes through. This is particularly important when traffic needs to traverse between different IP address spaces.

    Firewall Rules: Review the firewall rules on the NGAF. Make sure that there are no rules blocking the traffic from VPN users to the rest of the network. Also, ensure that appropriate rules are in place to allow VPN traffic to pass through the NGAF.

    VPN Configuration: Double-check the configuration of your VPN solution. Ensure that the VPN clients are using the correct configuration settings to connect to the NGAF and that the NGAF is properly configured to handle VPN traffic.
Tayyab0101 Lv2Posted 09 Aug 2023 03:15
  
Disable DHCP
Farina Ahmed Lv5Posted 08 Aug 2023 14:11
  
The solution was to check if the resource is L3VPN resource and if not, it is not required to assign virtual IP. Another solution was to check if Sangfor SSL VPN CS Support System VNIC has been successfully installed and if there are other VPN network adapter or unknown adapter. If yes, get approval from the client to uninstall the driver
Natsu Dragneel Lv3Posted 07 Aug 2023 15:53
  
Please use a packet capture and then check thoroughly what causes it.
BitCloud Lv3Posted 07 Aug 2023 15:43
  
Check in the NGAF if the VPN traffics are Block.
Adonis001 Lv3Posted 07 Aug 2023 15:27
  
If that is a flat network, you must choose only one source of DHCP. It it is the fortigate then disabled the NGAF
Naomi Posted 07 Aug 2023 15:22
  
Disable the DHCP broadcast of the NGAF
RegiBoy Lv5Posted 07 Aug 2023 15:06
  
You must configure the NGAF to relay the request of specific Vlan

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders