Technical Tip: Troubles accessing management access through VPN
Description
This article describes how to set a trusted host for SSL VPN web mode, SSL VPN tunnel mode, and IPsec dial-up VPN.
Scope
FortiGate.
Solution
Define Trusted hosts by going to System -> Admin -> Administrators.
On newer FortiOS versions, System -> Administrators.
For SSL VPN web mode and IPsec dial-up VPN, set the IP address configured for the Listen on interface specified in the SSL VPN settings as a trusted host.
For SSL VPN tunnel mode and IPsec dial-up VPN, set the client address range as a trusted host.
Example:
WanIP (SSL VPN portal): 172.31.17.177.
SSL VPN tunnel mode client address range: 10.212.134.200-10.212.134.210.
IPsec dialup VPN client address range: 192.168.10.1-192.168.10.254.
Set the trusted hosts as follows:
Trusted Host 1: 172.31.17.177/255.255.255.255.
Trusted Host 2: 10.212.134.192/255.255.255.224.
Trusted Host 3: 192.168.10.0/255.255.255.0.
config system admin
    edit <administrator-name>
        set trusthost1 172.31.17.177 255.255.255.255
        set trusthost2 10.212.134.192 255.255.255.224
        set trusthost3 192.168.10.0 255.255.255.0
end
Note:
When trusted hosts are configured and the Console Access feature of the GUI is required, 127.0.0.1/255.255.255.255 must also be included as a trusted host.
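The subnet arithmetic behind the trusted host entries above, as an added example (not Fortinet code): it derives the smallest network covering each client address range, renders the matching set trusthost lines, and audits a list of entries for ranges left uncovered and for how many addresses outside the range each entry also admits. The function names and the mistyped sample list are constructed for illustration, and the audit assumes the mask is applied to the typed address as in standard subnetting.

```python
import ipaddress

def covering_network(first, last):
    """Smallest single network that contains every address in first..last."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    host_bits = (lo ^ hi).bit_length()      # low-order bits that vary in the range
    base = lo >> host_bits << host_bits     # clear them to get the network address
    return ipaddress.ip_network((base, 32 - host_bits))

def trusthost_lines(ranges):
    """Render 'set trusthostN <address> <mask>' lines for a list of (first, last)."""
    nets = [covering_network(first, last) for first, last in ranges]
    return [f"set trusthost{i} {n.network_address} {n.netmask}"
            for i, n in enumerate(nets, 1)]

def audit(ranges, trusthosts):
    """Map each range to (covering entry or None, addresses admitted beyond it)."""
    # Assumption: the mask is applied to the typed address (standard subnetting).
    nets = [ipaddress.ip_network(f"{a}/{m}", strict=False) for a, m in trusthosts]
    result = {}
    for first, last in ranges:
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        hit = next((n for n in nets if lo in n and hi in n), None)
        extra = None if hit is None else hit.num_addresses - (int(hi) - int(lo) + 1)
        result[(first, last)] = (hit, extra)
    return result

# Ranges from the example in this article.
RANGES = [
    ("172.31.17.177", "172.31.17.177"),      # SSL VPN listen address
    ("10.212.134.200", "10.212.134.210"),    # SSL VPN tunnel mode clients
    ("192.168.10.1", "192.168.10.254"),      # IPsec dial-up clients
]
# Constructed input: the second entry is deliberately mistyped (.19, not .192).
MISTYPED = [
    ("172.31.17.177", "255.255.255.255"),
    ("10.212.134.19", "255.255.255.224"),
    ("192.168.10.0", "255.255.255.0"),
]

if __name__ == "__main__":
    print("\n".join(trusthost_lines(RANGES)))
    for rng, (hit, extra) in audit(RANGES, MISTYPED).items():
        status = "NOT COVERED" if hit is None else f"{hit} (+{extra} extra)"
        print(rng, "->", status)
```

A range reported as not covered means administrators connecting from those VPN client addresses would not match any trusted host; a large extra count means the entry admits more addresses than the VPN actually hands out.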
