movi28
New Member
July 2, 2012
Question

SSL VPN Same subnet

Hello everybody, This is my first post on this forum. I have a problem at a customer with an SSL VPN in Tunnel Mode. I have a FortiGate 60C and I have: 1 subnet 192.168.1.x for the office and: 1 subnet 192.168.1.x for an external user. And that doesn't work, naturally. Can I have a solution in this case? I can't change the office subnet, and maybe other SSL VPNs have the subnet 192.168.1.x. Thanks. Regards, Vinz

    5 replies

    rwpatterson
    New Member
    July 2, 2012
    Welcome to the forums. I'm not sure about web mode SSL VPN, since I really don't use it, but with tunnel mode, this isn't an issue. When you create the portal for tunnel mode, you select a subnet (or IP range) that the SSL VPN users will be presented as to the LAN (or DMZ, etc.). This IP range is what the SSL VPN users will all use on the way in, regardless of what subnets they really have in their individual LANs. Make it unique, and you should be good to go.
    movi28 (Author)
    New Member
    July 3, 2012
    Thanks for your post. But the problem is: The server has an IP like 192.168.1.20, and when the user pings or connects to this IP, he pings the local address and not the address in the office. What can I do?
    astibal
    New Member
    July 3, 2012
    I am not sure if it would help you, but in the CLI, there is a portal-specific option:
    exclusive-routing {enable | disable}
    Enable to force traffic between the client and the client’s local network to pass through the SSL VPN tunnel. This can enhance security. By default, an SSL VPN with split-tunneling disabled does not affect traffic between the client and the client’s local network, even though all other traffic is routed through the SSL VPN tunnel. exclusive-routing is available only when split-tunneling is disabled.
    This will have side effects, like other people on the very same portal will not be able to access their local LANs.
    movi28 (Author)
    New Member
    July 5, 2012
    Hello, OK, I have tried to connect to the SSL VPN with the FortiGate Client, not just the SSL client, and that works :) !! But all the traffic goes through the SSL VPN, including internet. Is it possible to separate that? Regards, Vince
    astibal
    New Member
    July 5, 2012
    Glad to see it working. For my curiosity: did you try to use exclusive-routing as suggested by me recently? A.
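
Added example, not part of any post in this thread and not Fortinet code: a simplified Python model of the client-side route choice behind the symptom described above (192.168.1.20 answered by the user's own LAN), plus a check that flags remote LANs colliding with the office subnet or the tunnel range. The tunnel range, user names, other subnets and route metrics are constructed assumptions.

```python
import ipaddress

def egress_for(dst, routes):
    """Pick the interface a client would use: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def audit(office_lan, tunnel_pool, client_lans):
    """Return {user: [problems]} for remote LANs that collide with the VPN addressing."""
    office = ipaddress.ip_network(office_lan)
    pool = ipaddress.ip_network(tunnel_pool)
    report = {}
    for user, lan in client_lans.items():
        net = ipaddress.ip_network(lan)
        problems = []
        if net.overlaps(office):
            problems.append("office LAN shadowed by local LAN")
        if net.overlaps(pool):
            problems.append("tunnel pool collides with local LAN")
        if problems:
            report[user] = problems
    return report

# Constructed sample data: only 192.168.1.x comes from the thread.
OFFICE_LAN = "192.168.1.0/24"
TUNNEL_POOL = "10.212.134.0/24"          # assumed range handed to SSL VPN clients
CLIENT_LANS = {
    "user-a": "192.168.1.0/24",          # same subnet as the office (the thread's case)
    "user-b": "192.168.0.0/24",          # no conflict
    "user-c": "10.212.0.0/16",           # swallows the tunnel pool
}

def client_routes(local_lan, split_tunnel=True):
    """Simplified client table of (network, interface, metric); metrics are assumptions."""
    routes = [
        (ipaddress.ip_network(local_lan), "local", 0),      # directly connected LAN
        (ipaddress.ip_network("0.0.0.0/0"), "local", 10),   # default via home router
    ]
    if split_tunnel:
        routes.append((ipaddress.ip_network(OFFICE_LAN), "ssl-tunnel", 1))
    return routes

if __name__ == "__main__":
    for user, lan in CLIENT_LANS.items():
        print(user, "-> 192.168.1.20 leaves via", egress_for("192.168.1.20", client_routes(lan)))
    print(audit(OFFICE_LAN, TUNNEL_POOL, CLIENT_LANS))
```

In this model the office server is reachable through the tunnel only for users whose local LAN does not contain 192.168.1.20; for the overlapping user the connected route wins, which matches the ping behaviour reported in the thread.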