
VPN out UTM to corporate network issues.

I'm a home UTM user trying to VPN out to my corporate network. I'm able to connect, get an IP address and resolve hosts on the corporate network, but when I try to get to their web pages I get nothing. I'm not seeing anything being blocked in the firewall rules, nor should I, as I'm not performing SSL inspection so I wouldn't see the traffic anyway. Any thoughts? I'm running the latest release.



  • Hi, Chad, and welcome to the UTM Community!

    Does #1 in Rulz give you any clues?  If not, my guess is a routing problem with the VPN endpoint at corporate.

    Cheers - Bob

    EDIT 2016-09-28: Added the link to Rulz.

  • Bob,

    Not sure what you mean by #1. My first rule is to allow any internal traffic outbound over any protocol. Not the most secure thing but did it for troubleshooting purposes.

    As far as a routing problem I'm the only one experiencing the problem. We're all a bunch of IT security consultants working remotely from home with our own individual FW solutions running on our home networks. 

    Once I took the UTM out of the equation and put a Linksys FW/Router in play everything worked fine.

    Using Pulse Secure as the vpn client.

    Thanks,

    Chad

  • I suspect that if it's the VPN client causing the problem, nothing you change in the UTM will make a difference. You can confirm this by establishing the VPN from another network, i.e. another person's house. If you still can't browse the internet when the VPN is up, you can blame the client.

  • Well, before I installed the UTM I didn't have this problem. I could have my VPN'd remote desktop up on one monitor, and then browse any standard non-corporate site I wanted to on the other monitor. The issue only started once I set up the UTM, so I was thinking there was something the UTM was doing that was blocking the traffic. Even still, when I hotspot off my phone instead of my home wifi it runs normally... I can browse The Google on one monitor and work my remote desktop on the other. So that's why I was isolating the issue to a UTM setting.

  • Here's a wacky idea....

    Maybe UTM is seeing your web traffic as coming from the client end of the VPN tunnel.  For example, say your VPN tunnel is configured as a 10.100.x.x network - once the tunnel is established, your computer gets an address based on that tunnel.  If the web request is issued from that address, the UTM's web filtering may block it as it's not a recognized network.  Same may happen for DNS requests.

  • How can I see that? I did ipconfig from the laptop, and I can see the LAN address and the VPN'd IP as well, but I don't see either of those in the firewall or the web filter logs when trying to load lynda.com.

  • Tim, if you do route print at the PC's command line, is the Gateway for 0.0.0.0 your UTM or something at corporate?

    I suspect that it's time to do #1 in Rulz now that we know you're using FortiClient.

    Cheers - Bob

  • It is both.  0.0.0.0 has two entries, one for the UTM and one for corporate.

    Still not sure how to get what I want out of Rule 1, but then again I don't know much about this stuff anyways ;). I just viewed the Intrusion Prevention, Application Control and Firewall logs while trying to open www.google.com on the laptop, but the live logs didn't seem to show new records as the site failed to load.
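    A quick way to check the situation Tim describes (two 0.0.0.0 entries), as an added example that is not from this thread: the Python below parses the IPv4 "Active Routes" table of Windows `route print` output and reports which default gateway actually wins, since Windows forwards via the matching route with the lowest metric. The sample output and all addresses are constructed placeholders; if the VPN-pushed default route has the lower metric, ordinary web traffic is sent down the tunnel to corporate rather than out through the UTM, which is why nothing shows up in the UTM logs.

```python
"""Find competing default routes in Windows `route print` output.

Added diagnostic example; not code from the original thread. The sample
table below is constructed and its addresses are placeholders.
"""
import re

# Constructed `route print` excerpt: a LAN default route via the home
# gateway (the UTM) plus a second default route pushed by the VPN client.
SAMPLE_ROUTE_PRINT = """\
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
          0.0.0.0          0.0.0.0       10.100.0.1     10.100.0.57      1
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
       10.100.0.0      255.255.0.0         On-link       10.100.0.57    257
===========================================================================
"""

# One route row: destination, netmask, gateway (or "On-link"), interface, metric.
ROUTE_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def parse_routes(text):
    """Return each route row as a dict; header and separator lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            routes.append({"destination": dest, "netmask": mask, "gateway": gw,
                           "interface": iface, "metric": int(metric)})
    return routes


def default_routes(routes):
    """Default (0.0.0.0/0) routes in the order Windows prefers them: lowest metric first."""
    defaults = [r for r in routes
                if r["destination"] == "0.0.0.0" and r["netmask"] == "0.0.0.0"]
    return sorted(defaults, key=lambda r: r["metric"])


def winning_gateway(text):
    """Gateway that carries traffic not matched by a more specific route."""
    defaults = default_routes(parse_routes(text))
    return defaults[0]["gateway"] if defaults else None


if __name__ == "__main__":
    for r in default_routes(parse_routes(SAMPLE_ROUTE_PRINT)):
        print(r["gateway"], "via", r["interface"], "metric", r["metric"])
    print("winner:", winning_gateway(SAMPLE_ROUTE_PRINT))
```

Run it against your own `route print` output by replacing the constructed sample; if the winner is the corporate gateway, the VPN client is full-tunnelling and the UTM never sees the web requests.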

  • Have you looked in the Web Filtering log, Tim?

    Cheers - Bob

  • Yes, that is where I started, but I see nothing with a familiar IP with respect to the laptop or the remote IP. What should I look for? I am not very keen at parsing these when I do not see a source other than the computer I am using to watch the logs.

  • When you start a Live Log, put the client IP or the remote IP you're looking for into the 'Filter' box at the top and hit [enter].

    Cheers - Bob

  • Yeah, I did a find on the Web Filter Log for the past two days and the local IP does not show up.
