Let me explain.
Users SSL VPN into firewall A.
Firewall A sends the traffic to firewall B via a site-to-site VPN.
So I have to configure an SSL VPN interface on firewall B to accept the traffic from A.
How do I do it?
Hi,
No, there's no need to create an SSL interface.
On firewall A you need: srcintf (SSL interface), dstintf (IPsec tunnel), srcaddr (VPN group / VPN pool), dstaddr (subnet on firewall B)
On firewall B you need: srcintf (IPsec tunnel), dstintf (interface for the local subnet to be reached by the users), srcaddr (SSL VPN pool), dstaddr (local subnet)
Check this doc.
https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/45836/ssl-vpn-to-ipsec-vpn
Hope it helps.
Hi @BusinessUser,
On both firewalls, you need to add the SSLVPN subnet to the phase2 selectors of the IPsec tunnel and also add it to the firewall policy accordingly. Please refer to the document shared by AEK.
Regards,
Hi @BusinessUser,
Make sure you add the SSL VPN subnet to P2 and have policy as well as routing accordingly. You can also use the following commands for troubleshooting:

```
diag debug reset
diag debug flow filter addr x.x.x.x (SSL VPN IP)
diag debug flow show ip en
diag debug flow show func en
diag debug console time ena
diag debug ena
diag debug flow trace start 999
```
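
The policy, phase 2 selector and routing points from the replies above, put together as one FortiOS CLI sketch. This is an added example, not posted by any participant and not taken from the linked Fortinet document. Assumed names and values: tunnel interfaces `to-FW-B` / `to-FW-A`, user group `vpn-users`, LAN interface `port2`, SSL VPN pool 10.212.134.0/24, firewall B subnet 192.168.20.0/24, and address objects `SSLVPN_POOL` and `FWB_LAN` that already exist on both units.

```fortios
# --- Firewall A (terminates the SSL VPN); all names/subnets are assumptions ---
config vpn ipsec phase2-interface
    edit "to-FW-B-sslvpn"
        set phase1name "to-FW-B"
        set src-subnet 10.212.134.0 255.255.255.0
        set dst-subnet 192.168.20.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set srcintf "ssl.root"
        set dstintf "to-FW-B"
        set srcaddr "SSLVPN_POOL"
        set dstaddr "FWB_LAN"
        set groups "vpn-users"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# --- Firewall B (no SSL VPN interface; traffic arrives on the IPsec tunnel) ---
config vpn ipsec phase2-interface
    edit "to-FW-A-sslvpn"
        set phase1name "to-FW-A"
        set src-subnet 192.168.20.0 255.255.255.0
        set dst-subnet 10.212.134.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set srcintf "to-FW-A"
        set dstintf "port2"
        set srcaddr "SSLVPN_POOL"
        set dstaddr "FWB_LAN"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Return route so replies to the SSL VPN pool go back through the tunnel
config router static
    edit 0
        set dst 10.212.134.0 255.255.255.0
        set device "to-FW-A"
    next
end
```

The phase 2 selectors on the two units must mirror each other, and `set service "ALL"` is only a starting point: narrow it to the services the VPN users actually need on firewall B's subnet.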
Copyright 2024 Fortinet, Inc. All Rights Reserved.