Created on ‎10-21-2024 12:29 AM Edited on ‎10-26-2024 07:04 AM By Stephen_G
Description |
This article explains why SSL VPN clients may be assigned IP addresses that are not part of the configured tunnel address range. |
Scope | FortiGate. |
Solution |
The range configured for tunnel users is 10.212.134.200 - 10.212.134.210. The range is highlighted in the screenshot below.
It can also be viewed from the CLI using the following commands:
config firewall address
However, when the user connects to the SSL VPN, the user does not receive an IP address from the configured range.
The reason is that the range in the SSL VPN portal takes priority over the range defined in the SSL VPN settings. In this case, the 'full-access' SSL VPN portal is in use and the user 'testuser' is a member of the group 'Guest-group'.
In the 'full-access' SSL VPN portal, the pool applied as the source IP pool takes priority over the SSL VPN IP pool defined in the SSL VPN settings.
The portal pool has the following range, which is why a user connecting to the SSL VPN receives an IP from the pool defined in the SSL VPN portal.
config firewall address
    edit "SSLVPN-Test-2"
        set uuid 81e6abc4-8a74-51ef-45e5-291bad963a60
        set subnet 192.168.1.0 255.255.255.0
    next
end
The portal pool was then changed so that the same pool defined in the SSL VPN settings was applied.
The test was repeated and the user received an IP from the default pool.
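The precedence described above can be checked offline against a configuration backup. The following Python script is an added example, not Fortinet's own code: it reports, for each SSL VPN portal, which pool clients will actually draw from. The sample configuration is constructed; the settings pool name 'SSLVPN_TUNNEL_ADDR1' and the portal 'tunnel-only' are assumptions, and a portal with no pool of its own is assumed to fall back to the pool in the SSL VPN settings.

```python
import shlex

# Constructed sample backup excerpt. "full-access" and "SSLVPN-Test-2" come
# from the article; every other object name here is an assumption.
SAMPLE = '''
config vpn ssl settings
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
end
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set ip-pools "SSLVPN-Test-2"
    next
    edit "tunnel-only"
        set tunnel-mode enable
    next
end
'''

def effective_pools(config_text):
    """Return {portal: (pool_names, source)}; source is 'portal' or 'settings'."""
    section, portal, depth = None, None, 0
    default, portals = [], {}
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:      # multi-line quoted values (e.g. certificates)
            continue
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:      # remember only the top-level section name
                section = " ".join(tok[1:])
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "edit" and depth == 1 and section == "vpn ssl web portal":
            portal = tok[1]
            portals[portal] = []
        elif tok[0] == "set" and depth == 1:
            if section == "vpn ssl settings" and tok[1] == "tunnel-ip-pools":
                default = tok[2:]
            elif section == "vpn ssl web portal" and tok[1] == "ip-pools":
                portals[portal] = tok[2:]
    # A pool set on the portal wins over the pool in the SSL VPN settings.
    return {name: (pools, "portal") if pools else (default, "settings")
            for name, pools in portals.items()}

if __name__ == "__main__":
    for name, (pools, source) in effective_pools(SAMPLE).items():
        print(f"{name}: {', '.join(pools)} (from {source})")
```

Any portal reported as "from portal" with a pool different from the settings pool will hand out addresses outside the range defined in the SSL VPN settings, as seen with 'testuser'.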