- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Lan useres to access SSL VPN client PC
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Lan useres to access SSL VPN client PC
hi,
I have a Fortigate 100D, due to current COVID situation, I have come across a requirement where some developers are testing some Code & Services.
They are using SSL VPN dialin to access my Office LAN but hey are deploying some Code/Service which requires to connect back to their Laptop from that Server in the LAN, I tried creating Rules but nothing worked.
SSL VPN >> LAN SERVER >> SSL VPN
Is there any Rule/Setting which can allow LAN systems to access any Client connected via SSL VPN
Thanks in advance.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've had to build this for telephony (softphone) requirements, so I am familiar with this concept. You might be thinking of the rules wrong. You can't think of it as all one thing the way you wrote it out (SSL VPN >> LAN SERVER >> SSL VPN); you need to break that down into two parts. Rules are based on SOURCE -> DEST, so you'd have a rule for SSL VPN >> LAN SERVER and then a rule that is the reverse of this: LAN SERVER >> SSL VPN
The limitation is that you won't be able to specify the user on the SSL VPN side for the destination. You'll need to either decide that it doesn't matter if the LAN SERVER can talk to one SSL VPN user or all of them, or you'll need to do some work on the SSL VPN settings so that different users use different IP pools and only the ones you want the LAN SERVER to be able to connect to get the IPs that you use for the destination of the reverse rule above.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Thanks for reply.. That server is open to all Dialin Users as that is a Dev server.
Can you pls elaborate on how these rules are to be created.
Already there is a rule in Place to have full LAN access from SSL VPN side traffic.
Should I create a Rule
All traffic from SSL VPN to Server
All traffic from Server to VPN..
and remove the earlier created rules?
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI,
I would be really greatful if you could give some pointers to resolve this as we have deliverables and due to this limitations Developers are not able to Test their code.
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure if I can make it clearer, but I'll restate it using partly your latest reply:
Already there is a rule in Place to have full LAN access from SSL VPN side traffic.
You now need to create a 2nd rule that is the reverse of this rule (source and destination interfaces are flipped, as are the address objects). Allow the server on the LAN to have full access to the SSL VPN traffic.
If this doesn't work, it's possible that there is a local firewall on their PCs that is causing the problem. I'm not sure what ports the server is trying to connect to on their PCs? This is a bit of an unusual requirement for an application as it does not seem to imitate real-world traffic, but perhaps they're running some element of the server on their PCs.
PM me if you need direct help, but it's really not particularly complicated unless you need to lock it down to only certain VPN users.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Vickey, just interested in hearing if you managed to sort it out?
I myself is having trouble routing from my LAN to the VPN clients. I Added a reversed version of the policy that currently goes from SSL-VPN to LAN but I still cannot reach (ping) vpn clients from LAN network.
VPN 10.212.139.0/24
LAN 192.168.101.0/24
NAT is enabled on both policies in and out should
Related Posts
- access problems towards vpn s2s 151 Views
- IPSec client is blocked by implicit... 397 Views
- Fortclient VPN Client Linux - IPSEC... 371 Views
- No internet access the user when... 344 Views
- Email POP3 block 154 Views
Labels
-
FortiGate
6,510 -
FortiClient
1,300 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
413 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiGateCloud
87 -
FortiSIEM
86 -
FortiCloud Products
82 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.