Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Hide private wan IP in SSL-VPN

Hello All!
We have configured a SSL-VPN in a Fortigate 60F. The firmware version is 7.2.5.
This box is behind the Company's firewall so the public IP address is "nated" to the internal IP of the WAN interface.

The tunnel is stablished and seems to work fine. The problem is that the internal IP address (that of the WAN interface) appears in the fortclient app as the remote address of the tunnel.
This is a security risk, so we need to hide this IP.
Does anyone has an idea on how to do this?
Thank you!



Hi @cpd ,


As I have understood you have the below setup

[SSLVPN user]--------[Internet]-------<<Public wan [Companys FW] Private lan >>-------------<<Private wan [Fortigate FW] lan>>


And you have mentioned you are able to see the private ip address of the FortiGate wan interface in Forticlient, could you please correct me If I am wrong?

Can you share  error screenshots, to understand better?



New Contributor

Hello @chauhans !
That'a correct. The Fortclient Android App is showing the private IP address. Obviously, it is connecting to the public IP address.

In the picture below the address 10.10.x.x is the internal IP address of the wan interface of the Fortigate:




I don't think it's hidable. Why do you think it's a security risk? 10.10.x.x IP is not reachable from the internet just like And, if the users are savvy enough, they can easily see that IP once they get in an internal device with traceroute or other methods anyway.




Hello @Toshi_Esumi!
Any private information exposed to public is a security risk at some level.
In this case, the IP is a valid address for an internal firewall. Even if users could use some tools to get this information won't justify to give it for free.

We have other equipments (non Fortinet) providing the same type of VPN access and effectively hiding the internal IP Addresses. This, in fact, should be the default behavior.
Thank you.


Then you need to ban using the smartphone app. The client app on laptop PC/Mac wouldn't show that.



New Contributor

This is the print of the Configuration in the App. Using an URL to point to the public IP Address:




Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors