Ali_Jassim
New Member
February 1, 2017
Solved

VPN Using forticlient Software


Greetings to you

My problem in brief:

We have an EMS server with 600 endpoint licenses. My computer is connected to EMS and is getting updates for AV.

I want to use VPN from outside to the company. I created a user in FortiGate, user1,pass11$$$&^, and I created a policy to allow VPN to connect.

I tested via browser and it is working,

but from the FortiClient software it will connect to the VPN, but I can't ping any subnet which I added, although I can ping my subnet via the VPN browser.

My question is ----> in the FortiGate 200D device I don't have a license for VPN, but I have a license in EMS for 600 endpoints,

and my FortiClient software is showing registered to EMS, but I'm not able to connect to the VPN! Actually it will connect and I'm getting the alert --> Configuration update was received from FortiGate, but I can't ping the subnet which I added, although I can ping my subnet via the VPN browser!

Thanks


    Alby23
    New Member
    February 1, 2017

    In tunnel mode an assigned IP is implied, so you have to properly configure routing and firewall policies (specifically the source subnet) in your FortiGate.

    Ali_Jassim
    New Member
    February 1, 2017

    Dear Alby23

    Why do I need to add a route, when everything works fine if I'm using the VPN via browser?

    I hope you understand my problem

     

    Alby23
    Answer
    New Member
    February 1, 2017

    The reason is that in Web Only mode your client does not have an IP assigned from a FortiGate, so your requests are proxied by the FortiGate itself (no routes needed here).

    If you use FortiClient, your PC receives an IP assigned from the FortiGate, so you have to configure a route on the FortiGate in order to let the ICMP reply packet be routed back to your PC.