JimFrantz36DC
New Contributor

Communications between two VPN clients?

With a lot of remote workers as of today we have a situation with a couple apps (VoIP and screenshare) that require direct client to client communications. But that seems to be blocked with any of the documented standard configurations. VPN client to our internal and several remote networks function just fine, but one VPN client cannot talk to another. Makes sense security-wise (like similar restriction on our wireless network) but with current WfH situation not practical. Not even sure I could create ssl.root interface to ssl.root policy as that would seem both unnecessary and incestuous somehow but I'm at a loss of how else I might allow this. Documentation, cookbooks and forum searches have come up empty. Can anyone help or definitely say no way?

1 Solution
Toshi_Esumi
Esteemed Contributor III

I answered the exact same question yesterday or a day before yesterday in this forum. An ssl.root to ssl.root policy allows traffic between ssl vpn users. You just need to test it yourself before asking. It wouldn't hurt anything.


JimFrantz36DC

Sorry, I did try searching but forum search is not wonderful and the answer had obviously not been indexed by Google yet. And blindly making a change when there are a couple of dozen critical remote users VPN-ed in already is a little too risky to just "test".

ede_pfau
Esteemed Contributor III

True, the forum's search capability is...below par. Has been for years *sigh*.

"incestuous" is a daring word in this context, but OK... You may safely create this policy. The construct "interfaceX to interfaceX" is not uncommon.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
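
A scoped form of the ssl.root to ssl.root policy discussed in this thread, as an added example that is not part of any poster's reply or of Fortinet's documentation. The group `remote-staff`, the custom service `VOIP-MEDIA` and its port range are placeholders, and `SSLVPN_TUNNEL_ADDR1` is assumed to be the address object that covers the SSL VPN tunnel pool.

```fortios
config firewall service custom
    edit "VOIP-MEDIA"
        set comment "Placeholder: media ports used by the VoIP/screenshare apps"
        set udp-portrange 10000-20000
    next
end
config firewall policy
    edit 0
        set name "sslvpn-client-to-client"
        set comments "Added example; group and service names are placeholders"
        set srcintf "ssl.root"
        set dstintf "ssl.root"
        set action accept
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "SSLVPN_TUNNEL_ADDR1"
        set groups "remote-staff"
        set schedule "always"
        set service "SIP" "VOIP-MEDIA"
        set logtraffic all
        set nat disable
    next
end
```

Listing only the services the applications need, instead of `ALL`, keeps the client-to-client isolation the original poster described for everything else, and the logged sessions show which ports the applications actually use.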