Hi all, This is my first post on these forum, so hello to everybody.
I have problem with access to remote station who is connected via ssl vpn from internal network.
This station - Windows 10 has correct configure windows firewall.
First I check connection via user1 with full permission to internal network (Policy - destination address - all) I establish connection from internal network eq. RDP to remote station and I can connect to this station.
But when is connected user2 who has access only to one destination address from ssl.root, but from this same remote station, I can't connect to this station.
To test I try to connect from internal ip address, who Policy - destination address - all and can't connect user2 I checked debug flow and show allowed.
How resolve this problem?
When you check and compare routing table on user1 and user2 machine you would see user1's default route is pointing into the vpn tunnel GW, while user2's machine doesn't have the additional different route but only route to the allowed destination address. Then the tunnel is split and using the local default route for the internet.
When you access from your test machine with an internal IP address, which is not the user2's vpn destination address, the returning route is going toward the local internet. That's why it doesn't work. If you want access those vpn client machine from the server(FGT) side or behind the FGT, those IPs need to be added to user2's allowed destinations too.
I checked routing table on user1 and user2 and doesn't have this same route address. How correctly add policy to estabilished connection, becouse I don't wont add full access to internal IP address for remote user?
If you split tunnel, only one policy ssl.root -> [whatever the internal interface is] is involved. But you need to put the same addresses/groups to a portal too as Routing Address in the cookbook below.
https://cookbook.fortinet.com/ssl-vpn-for-remote-users/
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.