Issues connecting to remote SSL VPN connected client

kaika313 · ‎02-15-2023

Hi,

we're using a FortiGate 100E (v6.0.2 build0163 (GA)) with SSL VPN configured. Remote clients are assigned the entire 10.0.95.0/24 subnet while LAN 192.168.1.0/24 subnet.

No troubles for the remote subnet to access the internal LAN but cannot find a way to make internal LAN access SSL clients. I've tried to set a specific policy to enable traffic from LAN to SSL subnet but it seems to be ignored. Also, the route isn't correct because if I make a tracert from an internal LAN device pointing to a remote client it seems that the FortiGate sends the packet to the outside instead of redirecting them to the remote client through the tunnel interface. What I am missing?

Thank you

This is the policy that I tried:

Schermata 2023-02-15 alle 11.24.48.png

gfleming · ‎02-16-2023

Bugs happen. It could be you are hitting one.

Without support you cannot talk to TAC nor can you run a supported FortiOS version. Right now you are exposing yourself to a lot of risk from a vulnerability, functionality and accessibility standpoint.

Please get support renewed on your Firewall and get it updated ASAP.

Cheers,
Graham

View solution in original post

amouawad · ‎02-16-2023

Could you try enabling NAT on the LAN > SSL policy and test again?

kaika313 · ‎02-16-2023

Also tried this, but it's not working

gfleming · ‎02-16-2023

You're running end-of-support FortiOS code on that Firewall. Strongly suggest you first upgrade to something supported (6.4 at least, 7.0 ideally).

Then if the problem persists we start troubleshooting again.

Cheers,
Graham

Issues connecting to remote SSL VPN connected client

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website