IPSEC Split Tunneling

I’m very new to firewalls and I’m trying to set up a VPN connection. I used the IPsec VPN Wizard and enabled Split Tunneling.

When I connect via VPN to the network I can ping 8.8.8.8 but I cannot access any websites. Is there a policy that needs to be created that the wizard doesn’t create? I want users to use their own internet for browsing the web, and just have the VPN for accessing shared files within the office.

Check your routes as a starter and see if split tunneling even works.

After that check your DNS settings to see if your client can even resolve names (this depends on how you handle your IPsec configuration).

Check your DNS. Test by resolving names and verify it. Then adjust your DNS setting for IPsec. Use DNS servers other than the system DNS. Do you have internal DNS servers?

Under Static Routes there are no entries. “Use system DNS” in Mode Config is enabled.

No, this is my home computer trying to connect to my office computer which is behind the FortiGate, but it’s just 3 computers and no servers… There is just the router using DHCP to distribute everything.

The tunnel is set to Mode Config and so is the client, so I’m not sure where I should be changing DNS.

You have to check on your client.

Connect with the client and observe what routes are pushed to the client.

You’re looking where 0.0.0.0/0 goes.

Then just use the IP address to connect to your office computer.

The client was just defaulted to Mode Config.

Connecting isn’t the issue. It is definitely DNS. When I connect I can ping the network resources and access the files by IP address. I can’t get out to the internet though. However, if I change the VPN adapter on the system to use 1.1.1.1 the internet starts working. So there is definitely a setting off somewhere and I don’t know where it is to correct it.

Again, check on your client. Do some basic troubleshooting before asking questions.

I can ping 8.8.8.8 but can’t get out to any sites.

route print
is the command you’re looking for.
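The checks suggested above (where 0.0.0.0/0 goes once the tunnel is up, and through which adapter the pushed DNS server is reached) can be done by hand from the route print output, but the following script automates the same longest-prefix lookup. It is an added example, not code from the thread or from Fortinet; the two route tables, the VPN adapter address 10.212.134.200, the office subnet 10.10.10.0/24 and the DNS server addresses are all constructed for illustration and do not come from the original post.

```python
"""Check a Windows `route print` table for split tunneling and DNS reachability.

Usage on the VPN client (constructed example, not from the original thread):
    route print | python check_split.py 10.212.134.200 10.10.10.1
where the first argument is the VPN adapter's own IP and the rest are the DNS
servers the tunnel pushed (see the VPN adapter in `ipconfig /all`).
"""
import ipaddress
import re
import sys

# Matches one row of the "Active Routes" section: destination, netmask,
# gateway (an IP or "On-link"), interface IP, metric.
ROUTE_RE = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+(?:\.\d+){3})\s+(\d+)\s*$"
)

# Constructed sample: split tunneling working. Only the office subnet is
# routed through the FortiClient adapter; the default route stays on the
# home LAN adapter (192.168.1.50).
SAMPLE_SPLIT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
     192.168.1.50  255.255.255.255         On-link     192.168.1.50    281
       10.10.10.0    255.255.255.0         On-link   10.212.134.200     26
   10.212.134.200  255.255.255.255         On-link   10.212.134.200    281
===========================================================================
"""

# Constructed sample: full tunnel. The client also received 0.0.0.0/0 via the
# VPN adapter with a lower metric, so all internet traffic goes into the tunnel.
SAMPLE_FULL = SAMPLE_SPLIT.replace(
    "Active Routes:\n",
    "Active Routes:\n          0.0.0.0          0.0.0.0         On-link   10.212.134.200      1\n",
)


def parse_routes(text):
    """Return a list of dicts for every route row found in `route print` output."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        dest, mask, gw, iface, metric = m.groups()
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        routes.append({"network": net, "gateway": gw, "interface": iface, "metric": int(metric)})
    return routes


def lookup(routes, addr):
    """Longest-prefix match; ties go to the lowest metric, as Windows does."""
    ip = ipaddress.IPv4Address(addr)
    best = None
    for r in routes:
        if ip in r["network"]:
            key = (r["network"].prefixlen, -r["metric"])
            if best is None or key > best[0]:
                best = (key, r)
    return best[1] if best else None


def diagnose(route_text, vpn_iface_ip, dns_servers):
    """Report whether the default route avoids the VPN and which DNS servers
    are only reachable through the tunnel (the case where 8.8.8.8 pings but
    names do not resolve if that server refuses or cannot answer)."""
    routes = parse_routes(route_text)
    internet = lookup(routes, "8.8.8.8")  # any public address exercises the default route
    report = {
        "split_tunnel": internet is not None and internet["interface"] != vpn_iface_ip,
        "internet_via": internet["interface"] if internet else None,
        "dns": {},
    }
    for dns in dns_servers:
        r = lookup(routes, dns)
        report["dns"][dns] = {
            "interface": r["interface"] if r else None,
            "via_vpn": r is not None and r["interface"] == vpn_iface_ip,
        }
    return report


if __name__ == "__main__":
    if len(sys.argv) >= 3 and not sys.stdin.isatty():
        text, vpn_ip, dns = sys.stdin.read(), sys.argv[1], sys.argv[2:]
    else:  # no input piped in: run against the constructed split-tunnel sample
        text, vpn_ip, dns = SAMPLE_SPLIT, "10.212.134.200", ["10.10.10.1", "192.168.1.1"]
    print(diagnose(text, vpn_ip, dns))
```

A report with `split_tunnel` true but the pushed DNS server marked `via_vpn` matches the symptom in this thread: public addresses leave through the home adapter, while every name lookup is sent into the tunnel to a server that has to answer it for the client to reach any website.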

You will want to use debug flow to see what is happening to your DNS request when it is processed on the firewall.

As I originally said I’m new to this and first time working with it, I’ve looked at youtube videos, read documentation on the fortinet site and now stuck. No need for you to respond any further.

I just can’t seem to find an issue and I just rewatched a setup tutorial and I can’t find my error.

Routes are as they should be. I have a suspicion that you are pushing DNS and your internal DNS is not resolving addresses for public IPs. If you try to ping anything by name you’ll also have problems. I’m not at a computer ATM, so I can’t log in to any Forti at the moment to check. SSL-VPN has split DNS settings but I can’t say what you need to check for dial-in IPsec off the top of my head.