Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
iamgers
New Contributor

Created on ‎02-08-2023 01:34 AM

Access ssl-vpn clients form local network

When i connect to SSL-VPN i can normally access my lan, also vpn clients can see each others so thats good to, but when im sitting in office and i need to remotely access vpn client, i cant. To do this i also must connect to vpn so i cant access him. i assume its routing problem but i cant really find any info about this.

ssl-vpn range is 10.99.201.10-10.99.201.100, and i dont really understand why after checking ip config of clients, it shows ip 10.99.201.11 and gateway as 10.99.201.12. isnt 10.99.201.12 supposed to be address for next client?

i have set up firewall rule to allow traffic form my vlan to ssl-vpn interface and in static routes i have one

with destination: 10.99.201.0/24

gateway:0.0.0.0

interface: ssl-vpn

Labels:
1487
0 Kudos
2 REPLIES 2
Debbie_FTNT
Staff
Staff

Created on ‎02-08-2023 02:30 AM

Hey iamgers,

to answer your questions:

- the VPN connections are technically /32 subnet connections, but as a gateway, the IP following the client IP is set (even if this is used by the next client as well).

-> if your client has a VPN IP 10.99.201.11, then seeing gateway IP 10.99.201.12 in the client is correct (even if that IP is in use by a different client)

- For SSLVPN, the connection must always be established by the client; it can't be initated by FortiGate

- while the SSLVPN connection is up, IF you have a route AND policy in place to allow traffic to be initiated to the client, you should be able to access the client, I believe

-> You have a route configured based on your comment above, but do you also have a policy in place?

 

I hope this helps!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
1473
0 Kudos
iamgers
New Contributor

Created on ‎02-08-2023 04:01 AM

If by policy you mean firewall policy then, yes i have one that look like this:

Incoming Interface : vlan

Outgoing : ssl-vpn

source: all

all

all

 

but when i check logs, its not even using this rule, instead it uses generic rule vlan to wan

1467
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.