FortiGate
Anonymous
Article Id 202252
Description This article describes how LAN users can communicate with SSL VPN users.
Scope FortiGate
Solution

The client PC is connected to the FortiGate through FortiClient, and the client PC is able to access the internet as well as the LAN users.

Note.

The split tunnel is disabled.

In rare cases, LAN users might need to communicate with the SSL VPN client machine, and all that is needed for this is a LAN to SSL VPN policy. In this case split tunnel is disabled, hence a simple policy should be sufficient.

The LAN user IP is 172.31.135.25.


The policy is from LAN to SSL VPN.



And the result is given below.


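Check the sniffer output, which shows the traffic arriving on port2 from 172.31.135.25 (LAN PC) and being sent out through the ssl.root (SSL VPN) interface toward 10.212.134.208. On the ssl.root side the source address is rewritten to 10.5.21.115, and the reply follows the same path back to the LAN PC.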


2.384320 port2 in 172.31.135.25 -> 10.212.134.208: icmp: echo request
2.384420 ssl.root out 10.5.21.115 -> 10.212.134.208: icmp: echo request
2.386556 ssl.root in 10.212.134.208 -> 10.5.21.115: icmp: echo reply
2.386585 port2 out 10.212.134.208 -> 172.31.135.25: icmp: echo reply
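
A CLI sketch of the LAN to SSL VPN policy and the check described above, added here as an example and not taken from the original article. The object name LAN_PC, the policy name and the PING-only service are assumptions; port2, ssl.root and the addresses come from the capture on this page; SSLVPN_TUNNEL_ADDR1 is the default SSL VPN address range object and is assumed to still be the pool in use. Lines starting with `#` are annotations.

```fortios
# Added example, not from the original article.
# Address object for the single LAN host (object name is an assumption).
config firewall address
    edit "LAN_PC"
        set subnet 172.31.135.25 255.255.255.255
    next
end

# LAN -> SSL VPN policy, scoped to one source host and to ping only.
# "edit 0" asks FortiOS to use the next free policy ID.
config firewall policy
    edit 0
        set name "LAN-to-SSLVPN"
        set srcintf "port2"
        set dstintf "ssl.root"
        set srcaddr "LAN_PC"
        set dstaddr "SSLVPN_TUNNEL_ADDR1"
        set action accept
        set schedule "always"
        set service "PING"
        # NAT enabled to match the rewritten source seen in the capture.
        set nat enable
        # Log every session so LAN-initiated access to VPN clients is auditable.
        set logtraffic all
    next
end

# Verbosity 4 prints the interface name on each line, as in the capture above.
diagnose sniffer packet any 'host 10.212.134.208 and icmp' 4
```

Widen `srcaddr` and `service` only as far as the LAN-to-client use case requires, since this policy lets LAN hosts open sessions to remote user machines.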
