Ping Problem after SSL VPN Connection
Hi,
I'm using FortiGate SSL VPN to set up a VPN tunnel between a computer in an external network (internet) and our network behind the FortiGate gateway.
After verification in our forum, I tested with creation of a local user, SSL profiles, etc.
When I try to connect to our network using SSL VPN:
server: IP address of our gateway:10433
username and password
connection ==> OK
But I can ping only my own IP address, not all the other network IP addresses, and I cannot access our shared resources.
Could you give me a solution for this problem?
Thank you
oukabri Lassaad
Information Technology Engineer
ATU Tunisie S.A.R.L
Zine El Abidine Ben Ali Enfidha International Airport
Tunis-TUNISIA
Phone : (+216) 98 702 603
www.atu.com.tr
Created on ‎01-06-2010 12:48 AM
Hi,
Which firmware version are you using?
What do your policies look like?
I would guess you're missing a policy from ssl.root to the desired interface and subnet.
Are you referring to the remote PC network shares being dropped? If so, you need to look into 'Split Tunneling'.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Hello Team
firmware version : Fortigate-60B 3.00-b0 744(MR7 Patch6)
policies look :
1/ external -->internal
action SSL-VPN
All --->LAN
2/ssl.root ---->port 1 external
all--->all
accept
3/ ssl.root ---->port2 external
accept
Please, do you have a demonstration with pictures of all the steps in FortiGate?
Thank you very much
oukabri Lassaad
Information Technology Engineer
ATU Tunisie S.A.R.L
Zine El Abidine Ben Ali Enfidha International Airport
Tunis-TUNISIA
Phone : (+216) 98 702 603
www.atu.com.tr
For tunnel mode, you should have:
1) Policy from outside to ssl.root (SSL-VPN)
2) Policy from ssl.root to internal entity(s) (ACCEPT)
3) Static route for SSL VPN IP range from inside to ssl.root
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Hello Team
I configured FortiGate SSL VPN using this document: http://www.beyaz.net/tr/dokumanlar/fortinet-ssl-vpn-konfigurasyonu.html
Connection ---> OK
ping ---> NOK
Please see the attachment for received bytes
Thank you

oukabri Lassaad
Information Technology Engineer
ATU Tunisie S.A.R.L
Zine El Abidine Ben Ali Enfidha International Airport
Tunis-TUNISIA
Phone : (+216) 98 702 603
www.atu.com.tr
Hello Team
Just please verify this problem with me:
when I run ipconfig /all
I get an answer, but the gateway is wrong: it is the same as my IP address, so I cannot ping.
Please can you verify with me?
Thank you
oukabri Lassaad
Information Technology Engineer
ATU Tunisie S.A.R.L
Zine El Abidine Ben Ali Enfidha International Airport
Tunis-TUNISIA
Phone : (+216) 98 702 603
www.atu.com.tr
Try changing your static route and use the destination as your ssl-vpn IP range and the gateway set to ssl.root
The IP you are given will be the same as your gateway i.e.
Say the range was configured 10.254.254.0/24
You connect to the VPN, you are given 10.254.254.1 as your address and this is also set as your gateway. You then attempt your ping, which is allowed using the following policies:
External (Internet) -> ssl.root
ACTION = SSL-VPN
Service = ANY
(also ensure your respective users/groups are defined in this policy)
ssl.root -> Internal
ACTION = ACCEPT
Service = Any (change this once you have it working to ICMP_ANY or ECHO, etc)
Now if you attempt to PING an Internal node it should work.
Routing:
i.e. internal 192.168.2.2
ping 192.168.2.2
With you being connected to the VPN, and your default gateway being 10.254.254.1, the traffic will be forwarded to this interface. With your destination being set to the range 10.254.254.0/24 - gateway ssl.root, your policy ssl.root -> internal - ACCEPT - ANY should see these packets routed to the internal network.
Providing the internal node does not have a firewall enabled, and routing is configured correctly you will get your reply?
Hope this helps?
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
Hello Team
I'm so sorry, but I tested with this configuration and it is always the same problem.
This is a part of my ipconfig /all:
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : X-X-X-X-X-X
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.5.183
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.5.1
DNS Servers . . . . . . . . . . . : 192.168.5.1
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Fortinet virtual adapter
Physical Address. . . . . . . . . : X-X-X-X-X-X
PPP adapter fortissl:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : X-X-X-X-X-X
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.185.200.235
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.185.200.235
DNS Servers . . . . . . . . . . . : 10.185.200.3
10.185.200.4
Primary WINS Server . . . . . . . : 10.185.200.4
Secondary WINS Server . . . . . . : 10.185.200.3
My IP range 10.185.200.235 ---->10.185.200.239
Please can you explain to me what I should put in the static route part:
static route
destination IP/Mask : ..................
Device : ssl.root
gateway 0.0.0.0
---> received bytes is 139 all the time
Thank you
oukabri Lassaad
Information Technology Engineer
ATU Tunisie S.A.R.L
Zine El Abidine Ben Ali Enfidha International Airport
Tunis-TUNISIA
Phone : (+216) 98 702 603
www.atu.com.tr
You should use a different IP range from your internal range!
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
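
The tunnel-mode checklist from the replies above (ACCEPT policy from ssl.root to the internal side, static route for the SSL VPN range on ssl.root) and the last reply's point about keeping the tunnel pool outside the internal range, written as an offline audit. This is an added example, not part of the thread and not Fortinet code; the dictionary layout is hypothetical, and the internal network 10.185.200.0/24 is an assumption inferred from the DNS/WINS addresses in the posted ipconfig output.

```python
import ipaddress

def pool_blocks(first, last):
    """CIDR blocks that exactly cover an SSL VPN tunnel IP pool (first..last)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def audit_tunnel_mode(pool, internal_nets, internal_ifaces, policies, routes):
    """Return findings for a tunnel-mode setup; an empty list means it passes."""
    # The SSL-VPN login policy is not checked: the connection itself succeeds.
    findings = []
    blocks = pool_blocks(*pool)
    # Last reply: the tunnel pool must not fall inside an internal range.
    for block in blocks:
        for net in map(ipaddress.ip_network, internal_nets):
            if block.overlaps(net):
                findings.append(f"pool {block} overlaps internal {net}")
    # Checklist item 2: ACCEPT policy from ssl.root to an internal interface.
    if not any(p["src"] == "ssl.root" and p["dst"] in internal_ifaces
               and p["action"] == "accept" for p in policies):
        findings.append("no ACCEPT policy from ssl.root to an internal interface")
    # Checklist item 3: static route on ssl.root covering every pool block.
    ssl_routes = [ipaddress.ip_network(r["dst"]) for r in routes
                  if r["device"] == "ssl.root"]
    for block in blocks:
        if not any(block.subnet_of(dst) for dst in ssl_routes):
            findings.append(f"no static route via ssl.root covers {block}")
    return findings

# Constructed model of the question's setup (internal /24 is assumed); the
# route list is empty because the thread leaves the route destination blank.
ASKER = dict(pool=("10.185.200.235", "10.185.200.239"),
    internal_nets=["10.185.200.0/24"], internal_ifaces={"internal"},
    policies=[{"src": "external", "dst": "internal", "action": "ssl-vpn"},
              {"src": "ssl.root", "dst": "port1", "action": "accept"},
              {"src": "ssl.root", "dst": "port2", "action": "accept"}],
    routes=[])
# Constructed model of the layout suggested in the replies.
SUGGESTED = dict(pool=("10.254.254.0", "10.254.254.255"),
    internal_nets=["192.168.2.0/24"], internal_ifaces={"internal"},
    policies=[{"src": "external", "dst": "ssl.root", "action": "ssl-vpn"},
              {"src": "ssl.root", "dst": "internal", "action": "accept"}],
    routes=[{"dst": "10.254.254.0/24", "device": "ssl.root"}])

if __name__ == "__main__":
    for name, cfg in (("asker", ASKER), ("suggested", SUGGESTED)):
        print(name, audit_tunnel_mode(**cfg) or "OK")
```

Once ping works, the same model can be rerun after narrowing the ssl.root policy's service from ANY, as the earlier reply recommends.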
