
Access SSL-VPN clients from local network

When I connect to SSL-VPN I can normally access my LAN, and VPN clients can also see each other, so that's good too. But when I'm sitting in the office and I need to remotely access a VPN client, I can't. To do this I also must connect to the VPN, so I can't access him. I assume it's a routing problem, but I can't really find any info about this.

The SSL-VPN range is, and I don't really understand why, after checking the IP config of clients, it shows ip and gateway as isn't supposed to be address for next client?

I have set up a firewall rule to allow traffic from my vlan to the ssl-vpn interface, and in static routes I have one

with destination:


interface: ssl-vpn


Hey iamgers,

to answer your questions:

- the VPN connections are technically /32 subnet connections, but as a gateway, the IP following the client IP is set (even if this is used by the next client as well).

-> if your client has a VPN IP, then seeing gateway IP in the client is correct (even if that IP is in use by a different client)

- For SSLVPN, the connection must always be established by the client; it can't be initiated by FortiGate

- while the SSLVPN connection is up, IF you have a route AND policy in place to allow traffic to be initiated to the client, you should be able to access the client, I believe

-> You have a route configured based on your comment above, but do you also have a policy in place?


I hope this helps!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

If by policy you mean firewall policy, then yes, I have one that looks like this:

Incoming Interface : vlan

Outgoing : ssl-vpn

source: all




But when I check the logs, it's not even using this rule; instead it uses the generic rule vlan to wan.
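
The reply above asks for both a route and a policy. As an added illustration that is not part of the thread and is not FortiOS code, this simplified Python model assumes the firewall picks the egress interface by longest-prefix route lookup before matching a policy on the interface pair, and shows how traffic for a VPN client ends up on a vlan-to-wan rule when no route covers its address. All addresses, names and rules are constructed.

```python
import ipaddress

# Constructed sample data: addresses, interface names and rules are
# placeholders for illustration, not values from the thread.
ROUTES_WITHOUT_VPN = [("0.0.0.0/0", "wan")]
ROUTES_WITH_VPN = ROUTES_WITHOUT_VPN + [("10.212.134.0/24", "ssl-vpn")]

POLICIES = [  # evaluated top-down, first match wins
    {"name": "vlan-to-sslvpn", "src": "vlan", "dst": "ssl-vpn",
     "dstaddr": "10.212.134.0/24"},
    {"name": "vlan-to-wan", "src": "vlan", "dst": "wan",
     "dstaddr": "0.0.0.0/0"},
]


def egress_interface(routes, dst_ip):
    """Longest-prefix match: interface of the most specific covering route."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def matched_policy(routes, policies, in_iface, dst_ip):
    """Route lookup first, then the first policy matching the interface pair."""
    out_iface = egress_interface(routes, dst_ip)
    if out_iface is None:
        return None  # no route at all
    ip = ipaddress.ip_address(dst_ip)
    for p in policies:
        if ((p["src"], p["dst"]) == (in_iface, out_iface)
                and ip in ipaddress.ip_network(p["dstaddr"])):
            return p["name"]
    return None  # falls through to implicit deny


if __name__ == "__main__":
    client = "10.212.134.200"  # constructed VPN client address
    # Only the default route covers the client: the generic rule is hit.
    print(matched_policy(ROUTES_WITHOUT_VPN, POLICIES, "vlan", client))
    # A route covering the client's address selects the ssl-vpn interface.
    print(matched_policy(ROUTES_WITH_VPN, POLICIES, "vlan", client))
```

In this model, a log entry showing the vlan-to-wan rule means the route lookup chose wan, so the thing to compare is the static route's destination against the address the client actually received.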
