![\"\"](\"https:\/\/increasec.com\/wp-content\/uploads\/2021\/05\/image-2.png\")
<\/figure>\n\n\n\n5. hover over connections until you find the user in question. This makes sure you are connecting to the firewall you expect. The client could be connecting to a VPN tunnel you are not expecting ie the iOS VPN tunnel which doesn’t have permissions to get to where the user wants to go. But usually if the phase1 negotiation selects the wrong connector it just fails.<\/p>\n\n\n\n Next try and do a ping to the inside interface of the firewall. If you cannot that is a good indication that the problem is either routing or protocols on the client end.<\/p>\n\n\n\n Disable IPv6 if it is enabled<\/p>\n\n\n\n Disable any non-Microsoft Firewall product<\/p>\n\n\n\n <\/p>\n\n\n\n IF this is a NEW VPN connection: tracert shows hop 2 which is the ip address of the upstream ISP router<\/p>\n\n\n\n If the ISP router uses Connection Mode DHCP, switching to Bridged mode is an easy fix. after the ISP hardware is in Bridge Mode there won’t be any web interface. The wifi may stop working, if it has any. To reset the device back to NAT\/Router mode you will need to hold down the hardware reset button for 10 seconds. It will take a full 5 minutes for it to come back to life. Here are the troubleshooting steps i use 1 sign on to the user PC using TeamViewer\/Splashtop or similar 2 verify client is correct version. v7.0 is available now, Fortinet has…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[75,106],"class_list":["post-1481","post","type-post","status-publish","format-standard","hentry","category-uncategorised","tag-forinet","tag-vpn"],"_links":{"self":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/1481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1481"}],"version-history":[{"count":4,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/1481\/revisions"}],"predecessor-version":[{"id":2512,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/1481\/revisions\/2512"}],"wp:attachment":[{"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/increasec.com\/wp-content\/uploads\/2021\/05\/image-3.png\")
<\/figure>\n\n\n\n
Lookup the external address on your firewall and don’t use tools like http:\/\/whatsmyip.org
they report the closest public IP to you, which isn’t always the IP of your firewall.
Double NAT is a problem where your firewall does NAT but so does the ISP provided, upstream hardware that your firewall is plugged into.
The normal solution is to put the ISP hardware into Bridge Mode. <\/p>\n\n\n\n![\"\"](\"https:\/\/increasec.com\/wp-content\/uploads\/2023\/05\/image.png\")
<\/figure>\n\n\n\n
If the Connection Mode is PPPoE, you will need to write down the username and password from your ISP hardware and re-enter that in YOUR firewall.<\/p>\n\n\n\n![\"\"](\"https:\/\/increasec.com\/wp-content\/uploads\/2023\/05\/image-1.png\")
<\/figure>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"