FortiGate
Anonymous
Article Id 189810

Description

This article describes how to allow two SSL VPN clients that are connected to the same FortiGate to communicate with each other (client-to-client traffic hairpinned through the SSL VPN tunnel interface).

Scope

FortiGate.

Solution


In the topology shown in the original article's picture (not reproduced here), two hosts are connected to the FortiGate using FortiClient SSL VPN.

The first client is assigned the IP address 10.0.0.1 from the SSL VPN IP pool, and the second client 10.0.0.2. Because both tunnels terminate on the same FortiGate, a packet from 10.0.0.1 to 10.0.0.2 has to be sent into the tunnel by client 1, arrive on the FortiGate's SSL VPN interface, and be forwarded by the FortiGate back out of that same interface to client 2. Two things are required for this to work: the client must route the other client's address into the tunnel (with split tunneling enabled, as this article assumes, the SSL VPN client subnet must be part of the split-tunnel routing addresses, otherwise the client sends the packet out of its local interface and it never reaches the FortiGate), and a firewall policy must allow traffic from the SSL VPN interface back to the SSL VPN interface.

When client 1 (10.0.0.1) wants to communicate with 10.0.0.2, it forwards the traffic to the FortiGate over the tunnel.

Go to VPN -> SSL-VPN Portals, edit the portal, enable split tunneling, and under Routing Address add an address object for the subnet that contains the client IPs. The article uses 10.0.0.0/8; an object that matches only the SSL VPN IP pool is preferable, since it is the smallest range that still covers every client address.

Add a firewall policy. The incoming interface and the outgoing interface must both be the SSL VPN tunnel interface (ssl.root by default). The source address is the SSL VPN client subnet, or the individual client address such as 10.0.0.1 (depending on how many clients need to reach each other), combined with the SSL VPN user group. The destination address is the SSL VPN client IP addresses, which is the same subnet object. The action is ACCEPT; NAT is not needed, as both endpoints are in the same SSL VPN subnet. Since this policy lets remote endpoints reach each other directly, restrict the service list and the user group to what is actually required rather than allowing ALL.

As soon as the policy is in place, 10.0.0.1 can communicate with 10.0.0.2.
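The same configuration expressed in the FortiOS CLI, followed by two commands to confirm that the hairpinned traffic is actually arriving on and leaving the SSL VPN interface. This is an added example, not the article's own configuration: the object names SSLVPN_CLIENTS, SSLVPN_Group and SSLVPN_TUNNEL_ADDR1 and the portal name full-access are assumptions, and the client addresses and the 10.0.0.0/8 subnet are taken from the article above. Lines starting with # are explanatory comments, not CLI input.

```text
# Address object covering the SSL VPN client addresses (article uses 10.0.0.0/8;
# narrow this to the actual SSL VPN IP pool where possible).
config firewall address
    edit "SSLVPN_CLIENTS"
        set subnet 10.0.0.0 255.0.0.0
    next
end

# Portal: split tunneling enabled, and the client subnet itself listed as a
# routing address so that client-to-client traffic is pushed into the tunnel.
# "SSLVPN_TUNNEL_ADDR1" is the assumed name of the IP pool the clients draw from.
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "SSLVPN_CLIENTS"
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end

# Hairpin policy: SSL VPN interface to SSL VPN interface, same subnet on both
# sides, no NAT. Tighten "service" and "groups" to what is really needed.
config firewall policy
    edit 0
        set name "SSLVPN-client-to-client"
        set srcintf "ssl.root"
        set dstintf "ssl.root"
        set srcaddr "SSLVPN_CLIENTS"
        set dstaddr "SSLVPN_CLIENTS"
        set groups "SSLVPN_Group"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end

# Verification from the FortiGate CLI while client 1 pings client 2.
# The sniffer should show the ICMP echo arriving on ssl.root and leaving on
# ssl.root again; if nothing appears, the client is not routing 10.0.0.2 into
# the tunnel (check the split-tunnel routing address on the client side).
diagnose sniffer packet ssl.root 'host 10.0.0.1 and host 10.0.0.2' 4

# If the packets arrive but are dropped, the flow trace names the policy
# decision (for example "Denied by forward policy check").
diagnose debug flow filter addr 10.0.0.2
diagnose debug flow trace start 10
diagnose debug enable
```

After testing, stop the trace with "diagnose debug disable" and "diagnose debug flow trace stop" so the debug output does not keep consuming CPU on the device.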

Note: Versions 5.0 up to 7.0 are out of engineering support, so the menu paths and commands above may differ on newer versions. Consider upgrading the firmware on the device to a supported version (v7.2 up to v7.6). Check the firmware upgrade path and hardware compatibility in the Upgrade Path Tool Table.