iamgers
New Contributor

Access ssl-vpn clients from local network

When I connect to SSL-VPN I can normally access my LAN, and VPN clients can also see each other, so that's good too. But when I'm sitting in the office and I need to remotely access a VPN client, I can't. To do this I must also connect to the VPN, so I can't access him. I assume it's a routing problem, but I can't really find any info about this.

The ssl-vpn range is 10.99.201.10-10.99.201.100, and I don't really understand why, after checking the IP config of clients, it shows IP 10.99.201.11 and gateway 10.99.201.12. Isn't 10.99.201.12 supposed to be the address for the next client?

I have set up a firewall rule to allow traffic from my VLAN to the ssl-vpn interface, and in static routes I have one with:

destination: 10.99.201.0/24

gateway: 0.0.0.0

interface: ssl-vpn

Debbie_FTNT
Staff

Hey iamgers,

to answer your questions:

- the VPN connections are technically /32 subnet connections, but as a gateway, the IP following the client IP is set (even if this is used by the next client as well).

-> if your client has a VPN IP 10.99.201.11, then seeing gateway IP 10.99.201.12 in the client is correct (even if that IP is in use by a different client)

- For SSLVPN, the connection must always be established by the client; it can't be initiated by FortiGate

- while the SSLVPN connection is up, IF you have a route AND policy in place to allow traffic to be initiated to the client, you should be able to access the client, I believe

-> You have a route configured based on your comment above, but do you also have a policy in place?

 

I hope this helps!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
iamgers
New Contributor

If by policy you mean firewall policy, then yes, I have one that looks like this:

Incoming Interface : vlan

Outgoing : ssl-vpn

source: all

all

all

 

But when I check the logs, it's not even using this rule; instead it uses the generic rule vlan to wan.
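An added example, not part of either post and not FortiOS code: a simplified model of the "route AND policy" condition from the reply, showing how the egress interface chosen by the route lookup decides which firewall policy appears in the logs. The default route via `wan`, the policy names, and the `active` flag (a configured route that is not actually installed) are assumptions.

```python
import ipaddress

# Constructed tables. The 10.99.201.0/24 route and both policy interface pairs
# come from the thread; the default route via "wan" is an assumption.
ROUTES = [
    {"dst": "0.0.0.0/0", "iface": "wan", "active": True},
    {"dst": "10.99.201.0/24", "iface": "ssl-vpn", "active": True},
]
POLICIES = [  # hypothetical names
    {"name": "vlan-to-ssl-vpn", "in": "vlan", "out": "ssl-vpn"},
    {"name": "vlan-to-wan", "in": "vlan", "out": "wan"},
]

def egress_interface(dst_ip, routes):
    """Longest-prefix match over active routes only."""
    ip = ipaddress.ip_address(dst_ip)
    best_len, best_iface = -1, None
    for r in routes:
        net = ipaddress.ip_network(r["dst"])
        if r["active"] and ip in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, r["iface"]
    return best_iface

def matching_policy(in_iface, dst_ip, routes, policies):
    """Route lookup first, then first policy matching the interface pair."""
    out_iface = egress_interface(dst_ip, routes)
    for p in policies:
        if p["in"] == in_iface and p["out"] == out_iface:
            return p["name"]
    return None  # no policy for this pair: traffic is dropped

def with_route_inactive(routes, dst):
    """Copy of the table with one route marked as not installed."""
    return [dict(r, active=r["active"] and r["dst"] != dst) for r in routes]

if __name__ == "__main__":
    client = "10.99.201.11"  # VPN client address quoted in the thread
    print(matching_policy("vlan", client, ROUTES, POLICIES))
    broken = with_route_inactive(ROUTES, "10.99.201.0/24")
    print(matching_policy("vlan", client, broken, POLICIES))
```

In this model, traffic from the VLAN to a client address only reaches the vlan-to-ssl-vpn policy when the more specific route is the one actually selected; otherwise it follows the default route and is logged against the vlan-to-wan policy.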
