Hi Guys,
I'm facing this issue with the current implementation that we have.
We use the network 10.0.0.0/16 on our internal infra structure, if a client uses the forticlient on a guest wifi that uses the same subnet and connects to the forticlient the route will match to the internal guest wifi and not to the default route pointing to the fortigate.
My idea was to when the client connects to the ssl-vpn with the default route a route for 10.0.0.0/16 pointing to the tunnel should appear.
Do anyone had this same issue?
Also thought if is possible to do this on EMS and the "On Connect Script"
Our previous infra structure, cisco anyconnect that was possible.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
There are few clarifications required to start to answer your question.
Typically, if you are using 10.0.0.0/16 internally you would introduce NAT at your edge to protect your self from routing issues, as the one you describe.
Why do you have to use the same 10.0.0.0/16 for Guest WiFi network at the first place? It's for guests so wouldn't matter what IP range they get, would it? You're supposed to separate guest networks from corp/internal network for security reasons. Assigning a different subnet like 10.255.0.0/16 makes traffic/security management and troubleshooting much easier and avoid headaches.
So basically this issue happened when a user of ours that is a road warrior and he went to a company that used the 10.0.0.0/16 has guest wifi.
That is my issue.
Some devices will cache the last know IP.
In most cases this is a function of the Operating System.
For Windows you can test this by running a ipconfig to see the current value, ipconfig /release to force a stack reset, followed by ipconfig /renew, to force a DHCP discovery.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.