FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 200756



This article describes how to connect the Guest VLAN users to SSL VPN configured on the WAN port.

Scope FortiOS

In some cases, Guest VLAN users have restricted Internet access when connected through the Fortigate.

If the user needs to connect to the SSL VPN which is configured on the WAN port, the IPv4 policy is required to have access to the port configured for the SSL VPN.

Check the traffic direction to find the internal port and SSL-VPN configured port.

Thereafter, configure IPv4 policy to allow traffic from the Guest VLAN interface to the WAN interface and add service as the port configured for SSL VPN.

Source NAT should be disabled in the reference IPv4 policy.

In this way, Fortigate will allow the SSL VPN negotiation traffic from the Guest LAN user to the WAN port to establish the connection.