Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
razor
New Contributor III

Reaching FG-Access from VPN connection

Hi FG Administrators,

I'm curious if it's possible to reach the Fortigate Administrator console (HTTP/HTTPS) while connected by a VPN connection.

 

Technically:

User Bob is connected from an external connection to a Fortigate's VPN tunnel, with IP address 192.168.4.10 which has been configured in the VPN range. Bob tries to access the fortigate's web interface by browsing 192.168.3.254 over HTTPS, but doesn't see any login page ( timeout ). The user BOB has access to the x.x.3.0/24 range because it is able to reach another device on the same SUBNET.

 

Thanks in advance!

Fortinet Network Security Professional (NSE4)

Fortinet Network Security Professional (NSE4)
2 REPLIES 2
neonbit
Valued Contributor

Yes you can access the management from the VPN. In theory what you've configured should work fine, there's nothing special you need to configure.

 

I would recommending double-checking a few things:

 

1. Are you sure that Bob has access to the /24 sub-net? Does Bob have 192.168.3.0/255.255.255.0 injected into his routing table when he connects to the VPN?

 

2. Does the VPN policy from ssl.root > internal interface give Bob access to the .3.0/24 sub-net or only a few IP addresses? Does it have HTTPS enabled for this policy and is the management port on the FortiGate 443?

 

3. Do you have any IP restrictions on the admin users?

razor
New Contributor III

Thanks Neonbit for the reply,

 

Let me clarify a few things:

- User Bob is using an IPSec tunnel ( using the FortiClient mechanism )

- There is no static route given for the IPSec tunnel, because this interface cannot be chosen

- There is a firewall policy from FC_Client(VPN RULE) 192.168.4.10-20 -> Z-INTERNAL 192.168.3.0/24 allowing all traffic. NAT is disabled.

 

 

Fortinet Network Security Professional (NSE4)

Fortinet Network Security Professional (NSE4)
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors