Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
pxiannie
New Contributor III

Created on ‎01-15-2024 05:48 PM Edited on ‎01-17-2024 01:34 AM

How to connect to Local LAN using FortiClient SSL VPN

I'm able to connect to the ssl vpn, after connected I can access to my f drive but when I ping my server name I can't find my host server. Also, I cant access to http://servername:5050/Login.aspx , it shows me DNS resolve failed, but I can access to http://192.168.X.XX:5050/Login.aspx 

Policy 1

Incoming Interface: lan
Outgoing Interface: virtual-wan-link
Source: all
Destination: all
Action: Accept
Service: all

 

Policy 2

Incoming Interface: SSL-VPN tunnel interface (ssl.root)
Outgoing Interface: lan
Source: SSL-VPN Address, Employees user group
Destination: Local-LAN
Action: Accept
Service: all


How to solve this problem? Please help T.T

FortiClient 

Labels:
1648
0 Kudos
1 Solution
AEK
SuperUser
SuperUser
In response to pxiannie

Created on ‎01-17-2024 11:04 PM

I don't think so.

You have set a public dns, while your internal server's IP is private.

You have to set DNS IP to your internal DNS server.

AEK

View solution in original post

AEK
1275
12 REPLIES 12
Nik_Aiman
Staff
Staff

Created on ‎01-15-2024 08:25 PM

Hi there,

 

Looks like your machine unable to resolve dns.

 

Do you have a sslvpn policy to allow your client to reach to dns server?

1321
AEK
SuperUser
SuperUser
In response to Nik_Aiman

Created on ‎01-15-2024 11:29 PM

In addition to @Nik_Aiman 's comment, you may check if SSL VPN server config on FortiGate assigns DNS server IP to clients. This should be the IP of your remote LAN's DNS server.

AEK
AEK
1304
pxiannie
New Contributor III
In response to AEK

Created on ‎01-17-2024 12:05 AM Edited on ‎01-17-2024 12:20 AM

Hi, the remote LAN's DNS server is refer to the DNS server or Dynamically Obtained DNS Servers ? I'm confused with this two, currently my dns in config vpn ssl settings are same with dns in config system dns.

1113
0 Kudos
pxiannie
New Contributor III
In response to Nik_Aiman

Created on ‎01-16-2024 11:51 PM Edited on ‎01-16-2024 11:51 PM

What u mean is I have to set dns server to ssl.root? To reach the dns server is it have to set in interface? I try to set the dns server but it show error: command parse error before 'dns-server1'
Command fail. Return code -61
edit "ssl.root"
set vdom "root"
set ip 10.10.10.0 255.255.255.255
set allowaccess ping
set type tunnel
set alias "SSL VPN interface"
set snmp-index 4
next

1118
0 Kudos
AEK
SuperUser
SuperUser
In response to pxiannie

Created on ‎01-17-2024 01:53 AM Edited on ‎01-17-2024 01:54 AM

ello

You can set the DNS servers here. The client will use these DNS servers for hostname resolution once it connects to SSL VPN.

 

kb_8612_2

AEK
AEK
1072
pxiannie
New Contributor III
In response to AEK

Created on ‎01-17-2024 08:12 PM Edited on ‎01-17-2024 08:13 PM

I did set my DNS server for SSL VPN. I set it based on DNS settings, does it correct?

1.png

 

 

 

 

 

 

 

 

 

 



2.png

 

1020
0 Kudos
AEK
SuperUser
SuperUser
In response to pxiannie

Created on ‎01-17-2024 11:04 PM

I don't think so.

You have set a public dns, while your internal server's IP is private.

You have to set DNS IP to your internal DNS server.

AEK
AEK
1276
pxiannie
New Contributor III
In response to AEK

Created on ‎01-17-2024 11:36 PM

I'm able to access my local server after specify the DNS ip same as my internal DNS server !! Thanks !! You really help me a lot!! 

978
0 Kudos
smayank
Staff
Staff

Created on ‎01-16-2024 03:00 AM

Hello

 

It seems DNS is not getting resolved. Please check if DNS IP address is assigned by fortigate.

If DNS server is behind firewall you can create DNS and it will be pushed towards the client

Thanks & Regards 
Mayank Sharma

1182
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.