5q46n2te8jPWJY
New Contributor II

Access to remote subnet via VPN SSL with multiple Fortigate and MPLS

Hi guys!

I want to submit my current issue to you.


I just configured SSL VPN on FortiGate A, and I want to reach resources connected behind FortiGate B. FortiGate A and B are connected through MPLS. I added the FortiGate B resources subnet, but it is not sufficient.

 

Can you guide me?

 

Thanks for your opinion!

AEK
SuperUser

Hi

Did you add the route-back on FG-B?

I mean you need to add on FG-B a route towards Site-A-SSL-VPN-Subnet through the MPLS interface.

Make sure the SSL-VPN IP ranges of site 1 and site B are not the same.

Otherwise you can still enable NAT on the policy on FG-A (I prefer to avoid it, but just as a quick workaround).

AEK
hbac
Staff

Hi @5q46n2te8jPWJY,

 

If you have split tunneling enabled, make sure you add the FortiGate B subnet to the SSLVPN split tunneling networks. On FortiGate A, you need a firewall policy to allow ssl.root to the MPLS interface. On FortiGate B, you also need to add the SSLVPN subnet to the firewall policy if NAT is disabled, and you need a static route to the SSLVPN subnet.

 

Regards, 
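
The steps from both replies, written out as FortiOS CLI configuration. This is an added example, not part of either post. Every interface name ("mpls", "lan"), address object, user group, portal name, subnet and gateway below is an assumption to be replaced with the real values; "SSLVPN_TUNNEL_ADDR1" is assumed to be the SSL VPN client pool on FortiGate A.

```fortios
# FortiGate A (SSL VPN gateway). All names and addresses are constructed.
config firewall address
    edit "SiteB_LAN"
        set subnet 10.20.0.0 255.255.255.0
    next
end
config vpn ssl web portal
    edit "full-access"
        set split-tunneling enable
        set split-tunneling-routing-address "SiteB_LAN"
    next
end
config firewall policy
    edit 0
        set srcintf "ssl.root"
        set dstintf "mpls"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "SiteB_LAN"
        set groups "SSLVPN_Users"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
# FortiGate B: return route and policy for the Site A SSL VPN pool.
config firewall address
    edit "SiteA_SSLVPN_Pool"
        set subnet 10.212.134.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 10.212.134.0 255.255.255.0
        set gateway 172.16.0.1
        set device "mpls"
    next
end
config firewall policy
    edit 0
        set srcintf "mpls"
        set dstintf "lan"
        set srcaddr "SiteA_SSLVPN_Pool"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

With NAT left disabled, FortiGate B sees the real SSL VPN client addresses, so its policy can be narrowed to specific destination objects and services instead of "all" and "ALL".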
