Article Id 300854

This article describes how to allow SSL VPN users terminated on WAN PORT/PORT9 VDOM_A to access the File server connected to port 5 on VDOM_B.

Scope: FortiGate.



To make this work, follow these steps:

  1. Set up the SSL VPN portal on VDOM_A: Set up the SSL VPN portal on VDOM_A and add the subnet of the file server from VDOM_B to the Routing Address Override, along with the desired local LAN subnet.

  2. Set up the SSL VPN settings in VDOM_A: Specify the port on VDOM_A that listens for SSL VPN users. In the given scenario, Port 9 is used as the WAN port.

  3. Routing configuration on VDOM_A: Ensure static routes or appropriate dynamic routing protocols are configured to connect the VDOMs and allow traffic to flow between them. VDOM_A must have a route to the file server behind VDOM_B pointing towards the inter-VDOM link.

  4. Static routing configuration on VDOM_B: VDOM_B must have the SSL VPN subnet in its routing table pointing towards the inter-VDOM link.

  5. Firewall policy on VDOM_A: VDOM_A must have a firewall policy that allows the SSL VPN subnet and user group to access the file server in VDOM_B through the inter-VDOM link. Specify the user group to which the SSL VPN user belongs.

  6. Firewall policy on VDOM_B: VDOM_B must have a firewall policy that allows incoming traffic from the SSL VPN subnet of VDOM_A to access the File server on Port 6. Here the incoming interface should be the inter-VDOM link.
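
As an added illustration (not taken from the original article), steps 3 to 6 could look like this in the FortiOS CLI. The inter-VDOM link interfaces `vlink0`/`vlink1`, the user group `SSLVPN_Users`, the address objects, the 10.212.134.0/24 tunnel pool, the file server address 192.0.2.10 and the restriction to the SMB service are all assumptions chosen for the example; the address objects are assumed to exist already.

```fortios
# Constructed example values; replace names, IDs and addresses with your own.
config vdom
edit VDOM_A
# Step 3: route to the file server via the VDOM_A end of the inter-VDOM link
config router static
    edit 10
        set dst 192.0.2.10 255.255.255.255
        set device "vlink0"
    next
end
# Step 5: only the named group, only from the tunnel pool, only to the server
config firewall policy
    edit 10
        set name "sslvpn-to-fileserver"
        set srcintf "ssl.VDOM_A"
        set dstintf "vlink0"
        set action accept
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "FileServer"
        set groups "SSLVPN_Users"
        set schedule "always"
        set service "SMB"
        set logtraffic all
    next
end
next
edit VDOM_B
# Step 4: return route for the SSL VPN pool via the VDOM_B end of the link
config router static
    edit 10
        set dst 10.212.134.0 255.255.255.0
        set device "vlink1"
    next
end
# Step 6: inbound from the inter-VDOM link to the file server interface
config firewall policy
    edit 10
        set name "sslvpn-in-from-vdom-a"
        set srcintf "vlink1"
        set dstintf "port5"
        set action accept
        set srcaddr "SSLVPN_Pool"
        set dstaddr "FileServer"
        set schedule "always"
        set service "SMB"
        set logtraffic all
    next
end
end
```

NAT is left at its default (disabled) on both policies, so VDOM_B sees the real tunnel addresses; that is why the return route in step 4 is required. Set `dstintf` in the VDOM_B policy to whichever interface the file server is actually attached to.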