Skip to main content
SegLati
SegLati
Visitor III
November 24, 2025
Question

Second vpn connection

  • November 24, 2025
  • 2 replies
  • 363 views

I have an SSL VPN configured to point to the 128.1.1.0/24 network. When I connect, it assigns me an IP address from the 128.1.1.x range. However, I need to create another connection pointing to the 192.168.2.0/24 network so that it can connect using FortiClient. How do I configure this second VPN connection? I'd like it to assign me an IP address from the 192.168.2.x network. I created a firewall rule for both networks, but it always assigns me an IP address from the 128.1.1.x network. Or would it be better to use an IPsec tunnel for the second VPN? Would the other VPN continue to function normally? 

Thanks

2 replies

AEK
SuperUser
AEK
SuperUser
November 24, 2025

If I understand well your question then you can resolve it by using different portal for different groups so you can assign different address ranges.

Check this tech tip.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-specific-SSL-VPN-address-pool-to/ta-p/195190

Hope it helps.

AEK
Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
November 24, 2025

Since your SSL VPN tunnel mode stops working (not supported any more) when you upgrade it to 7.6.3 or above, I would recommend you set up a dialup IPsec VPN with FortiClients for the new connection if you're creating a new connection. Then you don't have to worry about this part of VPN when you upgrade your FGT to 7.6.x. 
SSLVPN and IPsec VPN can co-exist on FortiClient side as well so users can switch back-and-forth between them.

Toshi

Terms & ConditionsAccessibility statement