Created on 04-25-2023 08:00 AM
Edited on 02-12-2025 10:10 PM
By Anthony_E
Description: This article describes how to advertise the SSL VPN pool over BGP.
Scope: All FortiGate models and FortiOS versions.
Solution:
SSL VPN clients receive their IP addresses from an address pool that is neither a subnet address object nor a directly connected network. As a result, the BGP configuration is typically unable to see the SSL VPN pool.
FGT-HO # get router info routing-table all | grep ssl.root
Secondly, ensure that the SSL VPN pool subnet (15.0.0.0/24 in this example) has been added under BGP -> Networks in the GUI. After this configuration, the SSL VPN pool is advertised over BGP to the BGP peer.
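The same configuration written as CLI commands, as an added example that is not part of the original article. It assumes the pool 15.0.0.0/24 used in this article and the default SSL VPN interface ssl.root that appears in the routing-table check above; lines starting with # are annotations for the reader.

```fortios
# Added example, not from the original article.
# Assumptions: pool 15.0.0.0/24, SSL VPN interface "ssl.root",
# "edit 0" so that FortiOS assigns the next free entry ID.

# Static route for the SSL VPN pool, so the prefix is present in the
# routing table (the "SSL VPN static route" the article refers to).
config router static
    edit 0
        set dst 15.0.0.0 255.255.255.0
        set device "ssl.root"
    next
end

# BGP network statement for exactly the pool prefix, the CLI counterpart
# of the BGP -> Networks entry in the GUI.
config router bgp
    config network
        edit 0
            set prefix 15.0.0.0 255.255.255.0
        next
    end
end

# Checks used in this article: the route exists via ssl.root and the
# prefix is sent to the BGP peer.
get router info routing-table all | grep ssl.root
get router info bgp neighbors 201.1.1.1 advertised-routes
```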
get router info bgp neighbors 201.1.1.1 advertised-routes
After the creation of the SSL VPN static route:
get router info bgp neighbors 201.1.1.1 advertised-routes
   Network          Next Hop            Metric     LocPrf Weight RouteTag Path
*>i15.0.0.0/24      200.1.1.1                         100  32768        0 i <-/->

Total number of prefixes 1

get router info bgp neighbors 200.1.1.1 received-routes
VRF 0 BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric     LocPrf Weight RouteTag Path
*>i15.0.0.0/24      200.1.1.1                         100      0        0 i <-/->

Total number of prefixes 1

Note: