This article describes a case where an internal website cannot be accessed through a bookmark in SSL VPN web mode.
Scope
FortiGate.
Solution
Run the SSL VPN debug using the public IP address of the user.
diagnose vpn ssl debug-filter src-addr4 x.x.x.x <----- Source IP address of the user.
diagnose debug application sslvpn -1
diagnose debug enable <----- To enable debug.
Access the internal resource through the bookmark and check the debug output:
[5215:VPN:38]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[5215:VPN:38]do_http_validate:442 method (POST) on uri (/proxy/1667d/https/internalwebiste.com/test/) not allowed.
[5215:VPN:38]sslConnGotoNextState:309 error (last state: 1, closeOp: 0)
[5215:VPN:38]Destroy sconn 0x7f28817, connSize=1. (VPN)

diagnose debug disable <----- To disable debug after accessing the website.
Check the maximum TLS version selected in the SSL VPN configuration and the TLS version used by the internal server/website. If the internal resources use TLS v1.2, set the maximum TLS version in the SSL VPN configuration to v1.2.
config vpn ssl setting
    set ssl-max-proto-ver tls1-2
end
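When the debug capture is long, the rejected bookmark requests and the TLS version negotiated on the same connection can be pulled out with a short script. The following is an added example, not Fortinet code: the function name and the line patterns are assumptions derived only from the sample output above, and the bracketed prefix is treated as an opaque connection key.

```python
import re

# Debug lines copied from the sample output in this article.
SAMPLE = """\
[5215:VPN:38]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[5215:VPN:38]do_http_validate:442 method (POST) on uri (/proxy/1667d/https/internalwebiste.com/test/) not allowed.
[5215:VPN:38]sslConnGotoNextState:309 error (last state: 1, closeOp: 0)
[5215:VPN:38]Destroy sconn 0x7f28817, connSize=1. (VPN)
"""

# Patterns are assumptions based on the lines shown above.
PREFIX = re.compile(r"^\[(?P<key>[^\]]+)\](?P<msg>.*)$")
ESTABLISHED = re.compile(r"SSL established: (?P<ver>\S+) (?P<cipher>\S+)")
REJECTED = re.compile(
    r"do_http_validate:\d+ method \((?P<method>[A-Z]+)\) "
    r"on uri \((?P<uri>[^)]*)\) not allowed"
)


def find_rejected_requests(text):
    """Return one dict per rejected request, with its connection's TLS details."""
    tls_by_conn = {}  # bracketed prefix -> (version, cipher)
    findings = []
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not a debug line in the expected shape
        key, msg = m.group("key"), m.group("msg")
        est = ESTABLISHED.search(msg)
        if est:
            tls_by_conn[key] = (est.group("ver"), est.group("cipher"))
            continue
        rej = REJECTED.search(msg)
        if rej:
            # The handshake line may fall outside the capture: report None then.
            ver, cipher = tls_by_conn.get(key, (None, None))
            findings.append({"conn": key, "method": rej.group("method"),
                             "uri": rej.group("uri"),
                             "tls_version": ver, "cipher": cipher})
    return findings


if __name__ == "__main__":
    for f in find_rejected_requests(SAMPLE):
        print(f"{f['conn']}: {f['method']} {f['uri']} rejected, "
              f"client side negotiated {f['tls_version']} ({f['cipher']})")
```

Compare the reported TLS version with ssl-max-proto-ver and with the version the internal server uses.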