We use a FortiGate 40F at our church as our main router. We installed it a few months ago, replacing a Ubiquiti firewall. Everything has been working great, except our staff have started using a service that requires a VPN connection, which is being blocked by the firewall.
Is there an obvious setting that I need to enable / disable to allow VPNs to work within the network? I tried Googling it but all of the results were either for setting up VPN blocking, or trying to get around it as an end user.
Any help would be greatly appreciated!
There could be many things, but based on your description the most likely culprit in this case is a UTM profile. Check to see if application control, Web filtering, or DNS filtering is applied to the relevant firewall policy. If so, check the logs for those profiles to see if they are blocking the user’s VPN traffic. You can also create a test policy for that host with no UTM to quickly determine if it’s a UTM profile issue.
What type of IPsec are you using? There shouldn't be any collision, as in this scenario there are two different IPsec tunnels.
Start a debug flow and see how the traffic flows.
Have all firewall policies to and from the IPsec tunnel been created? Routes added if required, and phase 2 selectors added correctly?
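The checks suggested in the replies above (look at the UTM profiles on the outbound policy, run a debug flow, confirm the IPsec-related policies and routes), as one FortiGate CLI session. This is an added example, not commands posted by anyone in the thread; the staff host address 192.0.2.10, the outbound policy ID 1 and the interface names are placeholders, and the commands are standard FortiOS 6.x/7.x syntax typed at the console or over SSH.

```text
# Added example, not from the thread. Assumptions: the staff PC is 192.0.2.10,
# the LAN-to-WAN outbound policy is ID 1. Adjust both before use.

# 1. Which UTM profiles are attached to the outbound policy?
#    Anything listed after "set utm-status enable" (av-profile,
#    webfilter-profile, dnsfilter-profile, application-list, ips-sensor,
#    ssl-ssh-profile) inspects this traffic and can block it.
show firewall policy 1

# 2. Does the policy's service list actually permit a client IPsec VPN?
#    It needs IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50).
#    FortiOS ships the predefined services "IKE" (UDP 500 + 4500) and "ESP";
#    a policy with service "ALL" already covers them.
show firewall service custom IKE
show firewall service custom ESP

# 3. Capture what the client sends and whether anything comes back.
#    Verbosity 4 prints headers with interface names, 0 = no packet limit,
#    l = local timestamps.
diagnose sniffer packet any 'host 192.0.2.10 and (udp port 500 or udp port 4500 or proto 50)' 4 0 l

# 4. Debug flow: shows the policy that matched, the NAT decision and the
#    reason a packet was dropped. Filter tightly so the output stays readable;
#    one proto/port filter at a time (repeat with "proto 50" for ESP).
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 192.0.2.10
diagnose debug flow filter proto 17
diagnose debug flow filter dport 4500
diagnose debug flow show function-name enable
diagnose debug flow show iprope enable
diagnose debug console timestamp enable
diagnose debug flow trace start 50
diagnose debug enable
#    ... have the user start the VPN client now, then stop the trace:
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset

# 5. Rule out the FortiGate's own site-to-site / remote-access tunnel:
#    the staff member's third-party VPN should not appear in these lists,
#    and the routing table should send its server address out the WAN,
#    not into the existing tunnel.
diagnose vpn ike gateway list
diagnose vpn tunnel list
get router info routing-table all
```

In the debug flow output, a line ending in "Denied by forward policy check (policy 0)" means no policy matched the packet (wrong service or interface pair), "allocate a new session" followed by a SNAT line means the FortiGate forwarded it and the problem is upstream or inside a UTM profile, and "find a route" pointing at the IPsec tunnel interface means the new VPN server's address is being swallowed by a phase 2 selector or static route of the existing tunnel. One general caveat worth keeping in mind: ESP carries no port numbers, so a client that does not use NAT-T cannot be distinguished from a second client behind the same source NAT; if the new service's client supports NAT-T (UDP 4500), leave it enabled.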
Thanks - I checked the UTM policies and at the moment they are all turned off. Here is a screenshot of our outbound policy: https://imgur.com/a/dufy2pv.
We do have an IPsec VPN set up on the FortiGate to allow some of our staff to log in to the church network remotely. The new VPN service is also IPsec. Is it possible that there could be some kind of collision between the two VPNs?