Csiti
New Member
July 25, 2023
Question

Vlan route

  • July 25, 2023
  • 1 reply
  • 4402 views

Hello!
I have a FortiGate 80F, internal address range 1.
I created two VLANs on the FortiGate, 3 and 5, and set up SSL VPN 11. The VPN works fine, except that I can't reach any VLAN address, even though I set up a firewall rule for all of them and I have also selected the two VLAN addresses in the SSL VPN portal, in addition to the internal one, in the routing address override menu. I could not set a static route because I always got the error message: Gateway IP is the same as the interface IP, please choose another IP address. I think this is a problem because the VLAN should be available on the local network, but there is no gateway between them.
If anyone knows the solution, please help.

1 reply

srajeswaran
Staff
July 25, 2023

You don't need a route for communication to the VLAN interfaces, as they will be present as connected/direct routes in the FortiGate.
When you say the interfaces are not reachable via SSL, can you run a diagnose sniffer command and check whether the ping requests to the VLAN interface are reaching the FortiGate via the SSL interface?
Are you able to ping the VLAN interface directly from the FortiGate itself?
Is ping enabled under interface access?
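
Added example (not part of the thread): a small Python helper that reads output captured with `diagnose sniffer packet any 'icmp and host 192.168.3.1' 4` and reports the stage at which the echo traffic stops. The sample lines, the client address 10.212.134.200 and the stage names are constructed for illustration, and `ssl.root` is assumed to be the tunnel interface name.

```python
import re

# Constructed sample in the FortiOS sniffer's verbosity-4 layout (time, interface,
# direction, addresses). 10.212.134.200 is a made-up SSL VPN client address.
SAMPLE = """\
1.204512 ssl.root in 10.212.134.200 -> 192.168.3.1: icmp: echo request
2.209731 ssl.root in 10.212.134.200 -> 192.168.3.1: icmp: echo request
"""

LINE = re.compile(
    r"(?P<iface>\S+) (?P<dir>in|out) (?P<src>[\d.]+) -> (?P<dst>[\d.]+): "
    r"icmp: echo (?P<kind>request|reply)"
)


def locate_drop(capture, target, tunnel="ssl.root"):
    """Return the stage at which echo traffic to/from `target` stops."""
    seen = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or target not in (m["src"], m["dst"]):
            continue  # not an ICMP echo line for the address under test
        side = "tunnel" if m["iface"] == tunnel else "lan"
        seen.add((side, m["dir"], m["kind"]))

    if ("tunnel", "in", "request") not in seen:
        # Nothing arrived over the VPN: look at the client's routes / split tunnel.
        return "request-never-arrives"
    if ("tunnel", "out", "reply") in seen:
        # The FortiGate sent a reply into the tunnel: look at the client side.
        return "reply-sent-to-client"
    if ("lan", "out", "request") not in seen:
        # Arrived but neither answered nor forwarded: check the firewall policy
        # from the tunnel to the VLAN and ping under interface access.
        return "not-forwarded-or-answered"
    if ("lan", "in", "reply") not in seen:
        # Forwarded to the VLAN, no answer: host firewall or host return route.
        return "no-reply-from-vlan-host"
    return "reply-not-returned-to-tunnel"


if __name__ == "__main__":
    print(locate_drop(SAMPLE, "192.168.3.1"))
```
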


Csiti
New Member
July 25, 2023

Hi!
Ping is enabled on the network interface.
Both 192.168.3.1 and the devices on the VLAN can be pinged from the FortiGate, but the client logging in on the VPN cannot see it.
I can see the VLANs in the Windows routing table.