A A

Cannot connect to HTTP and SSH web servers while connected to FortiGate VPN, but can while disconnected from FortiGate VPN

Hello Team

Kindly be informed that I have 2 web servers connected behind a FortiGate firewall in VDOM mode, which protects those servers. There is also another FortiGate VPN firewall for IT stuff, so we connect via SSL VPN to this firewall and from it we SSH to the 2 web servers. Note that we allowed the WAN of our IT VPN firewall in the access list of the firewall for the 2 web servers. After a couple of days we found that we are able to access the web servers and SSH to the servers only when we are disconnected from the VPN of the IT firewall.
Waiting for your kind advice.
Dr. Klahn

Please show us a diagram of the network.  From the description, it is not clear what is connected to what, or how the network is configured.

ASKER

Thank you, Klahn.

Kindly find the required info as follows:

Note on IP addresses such as x.x.x.x: the 4 octets of each IP address are different, but are written as the same octet for simplicity.

We have a VPN firewall called Firewall_IT, which we connect to by VPN; it has WAN IP x.x.x.x, and we have the VPN subnet z.z.z.z. We have 2 hosted web servers with LAN and WAN IPs behind a firewall called Firewall_servers, where we do NAT between the LAN and WAN addresses of webserver1 and webserver2 inside Firewall_servers. So webserver1 has H.H.H.H as lan1, translated to R.R.R.R as wan1, and webserver2 has T.T.T.T as lan2, translated to Q.Q.Q.Q as wan2. We added IP x.x.x.x (the WAN IP of Firewall_IT) as an allowed source IP to the WAN IP of Firewall_servers, and VPN subnet O.O.O.O to the LAN servers inside Firewall_servers.

So usually we connect by VPN to the WAN IP of Firewall_IT and then we SSH to the WAN IP addresses of webserver1 and webserver2 (wan1, wan2). Suddenly we found that we are unable to SSH to webserver1 and webserver2 through their WAN IPs, wan1 R.R.R.R and wan2 Q.Q.Q.Q respectively, while the VPN is connected, and that we can connect only if we are disconnected from the VPN of Firewall_IT.

Waiting for your kind advice, please.
Please show us a diagram of the network.  It is still not clear what is connected to what, or if it is serial, parallel, or what.
I see two possibilities. First is that you're trying to connect to a public IP when you need to connect to a private IP.

Second possibility is that the firewall(s) or VPN do not allow the traffic from your VPN connection by policy.
