Description This article describes how to enable communication between two SSL VPN clients connected to the same FortiGate.
Solution In the picture below, two hosts are connected to the FortiGate using FortiClient.
The IP address of the first client is 10.0.0.1, while the second client has the IP 10.0.0.2. For 10.0.0.1 to communicate with 10.0.0.2, make sure the traffic reaches the FortiGate (enabling split tunnel is mandatory). A proper policy is also needed.
When client 1 (10.0.0.1) wants to communicate with 10.0.0.2, the client forwards the traffic to the FortiGate. Go to VPN -> SSL VPN portals, edit the portal, enable split tunnel and, under routing address, create an address object with the subnet 10.0.0.0/8.
Add a policy.
Make sure the source interface and the destination interface are both the SSL interface. The source should be the 10.0.0.0/8 subnet or 10.0.0.1 (depending on the number of clients) together with the user group, and the destination should be the SSL VPN client IP.
As soon as the policies are made, 10.0.0.1 can communicate with 10.0.0.2.
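The same steps expressed in the FortiOS CLI, as an added example that is not part of the original article. The object names, the portal name `full-access`, the user group `sslvpn-users` and the tunnel interface name `ssl.root` are assumptions; substitute the names used on your unit.

```fortios
# Address objects (names are assumptions, not from the article)
config firewall address
    edit "SSLVPN_RANGE"
        set subnet 10.0.0.0 255.0.0.0
    next
    edit "SSLVPN_CLIENT_1"
        set subnet 10.0.0.1 255.255.255.255
    next
    edit "SSLVPN_CLIENT_2"
        set subnet 10.0.0.2 255.255.255.255
    next
end

# Portal: enable split tunnel and route the client range through the tunnel,
# so client-to-client traffic is sent to the FortiGate
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "SSLVPN_RANGE"
    next
end

# Policy: SSL interface to SSL interface, tied to the user group.
# Use "SSLVPN_RANGE" as srcaddr instead when more clients must be covered.
config firewall policy
    edit 0
        set name "sslvpn-client1-to-client2"
        set srcintf "ssl.root"
        set dstintf "ssl.root"
        set srcaddr "SSLVPN_CLIENT_1"
        set dstaddr "SSLVPN_CLIENT_2"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        # Narrow this to the services the clients actually need
        set service "ALL"
        # Log the sessions so client-to-client traffic is visible
        set logtraffic all
    next
end
```

Because the policy is stateful, replies from 10.0.0.2 are allowed automatically; a second policy is only needed if 10.0.0.2 must also be able to initiate sessions to 10.0.0.1.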