Created on 08-29-2024 02:24 PM Edited on 08-30-2024 12:33 AM By Jean-Philippe_P
Description | This article describes how to access shared network drives on the local network after establishing an SSL VPN connection. |
Scope | FortiClient 7.4.0 and network drives after tunnel connection. This article does not show the configuration on the FortiGate side for SSL VPN connections. It assumes that the FortiGate is correctly configured so that these network drives can be reached from SSL VPN IPs in the range 10.212.134.200 - 210. |
Solution |
First, the SSL VPN must be configured correctly on the FortiGate side. Follow this guide: Setup SSL VPN: Tunnel & Web Modes.
Once this is done, it is possible to configure and connect to this VPN.
Starting from FortiClient 6.0.0 and later (7.4.0), the FortiClient XML configuration file supports a configurable script, which allows a user-defined script to run automatically after the configured VPN tunnel is connected or disconnected, depending on how the script is configured.
For Windows these are called 'batch scripts' and for macOS 'shell scripts'. The scripts are defined as part of the FortiClient configuration on each of the user's end devices, by including them in the body of the XML file that makes up that configuration.
To download this configuration, go to the FortiClient settings, System, Restore a configuration, and Backup. A key must be entered to download and/or reload the file.
When end-user devices are fully managed, the profiles associated with these users come from FortiClient EMS. The profile is pushed down to FortiClient from FortiClient EMS, provided there is an active license for this product.
Without a FortiClient EMS license, the script can also be configured manually in the free versions of FortiClient: locate the configuration of the VPN connection to use, modify the XML file, and reload it. Once the VPN tunnel from FortiClient is connected or disconnected, the script configured for that connection is executed.
The following script maps a network drive and copies some files after the tunnel connects. In this example, the resource is located on the host 192.168.0.138, and the goal is to access (through the SSL VPN tunnel) the shared folder named 'd' on that same host, assigned the drive letter 'Z'. Remember that the correct credentials are needed to access this resource and must be placed in the script:
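An added example, not the article's original script: a fragment of the FortiClient XML configuration using the `on_connect` and `on_disconnect` script elements to map `\\192.168.0.138\d` as drive Z: and remove the mapping when the tunnel drops. The connection name and the `SHARE_USER` / `SHARE_PASSWORD` placeholders are assumptions, the copy step is omitted because the page gives no file paths, and the element nesting should be compared with a backup exported from the installed FortiClient version. Because the credentials travel with the configuration file, a dedicated share account with only the access it needs limits what the file exposes.

```xml
<!-- Added example: fragment of a FortiClient configuration backup.
     Only the script elements of one SSL VPN connection are shown. -->
<forticlient_configuration>
  <vpn>
    <sslvpn>
      <connections>
        <connection>
          <!-- Constructed name; keep the existing connection's own settings. -->
          <name>Example-SSLVPN</name>
          <!-- Runs after the tunnel is up: map share 'd' on the host as Z: -->
          <on_connect>
            <script>
              <os>windows</os>
              <script>
                <![CDATA[
net use Z: \\192.168.0.138\d SHARE_PASSWORD /user:SHARE_USER /persistent:no
]]>
              </script>
            </script>
          </on_connect>
          <!-- Runs after the tunnel is torn down: remove the mapping -->
          <on_disconnect>
            <script>
              <os>windows</os>
              <script>
                <![CDATA[
net use Z: /delete
]]>
              </script>
            </script>
          </on_disconnect>
        </connection>
      </connections>
    </sslvpn>
  </vpn>
</forticlient_configuration>
```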
If the XML config is right, the script should work whenever the VPN connects. The role of EMS and Intune is to push the configuration to the endpoints; for this scenario, think of them as an endpoint manager or installer. So, whether the XML file is configured individually or the entire config file is sent from EMS, the result is the same, provided the script is configured correctly. Related document: |
@Jmillan @MaryBolano Outstanding!!! Thank you so much for your contribution! Let us keep up the great work!