Hi FG Administrators,
I'm curious if it's possible to reach the FortiGate Administrator console (HTTP/HTTPS) while connected by a VPN connection.
Technically:
User Bob is connected from an external connection to a FortiGate's VPN tunnel, with IP address 192.168.4.10, which has been configured in the VPN range. Bob tries to access the FortiGate's web interface by browsing 192.168.3.254 over HTTPS, but doesn't see any login page (timeout). The user Bob has access to the x.x.3.0/24 range because he is able to reach another device on the same subnet.
Thanks in advance!
Fortinet Network Security Professional (NSE4)
Yes you can access the management from the VPN. In theory what you've configured should work fine, there's nothing special you need to configure.
I would recommend double-checking a few things:
1. Are you sure that Bob has access to the /24 sub-net? Does Bob have 192.168.3.0/255.255.255.0 injected into his routing table when he connects to the VPN?
2. Does the VPN policy from ssl.root > internal interface give Bob access to the .3.0/24 sub-net or only a few IP addresses? Does it have HTTPS enabled for this policy and is the management port on the FortiGate 443?
3. Do you have any IP restrictions on the admin users?
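The three checks in the reply above, written out as a small decision model (an added example, not part of either poster's message and not FortiOS code). The function name, parameters and scenario values are hypothetical and constructed from the addresses in the thread; it only models the checklist, not how FortiOS itself evaluates traffic.

```python
import ipaddress

def _covers(networks, ip):
    """True if ip is inside any network (CIDR or dotted-mask notation)."""
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)

def failed_checks(client_ip, mgmt_ip, pushed_routes, policy_dsts,
                  policy_tcp_ports, admin_port, trusted_hosts):
    """Return the numbers (1-3) of the checks from the reply that fail.

    policy_tcp_ports: set of allowed TCP ports, or None if the policy
    allows all traffic. trusted_hosts: empty list means no restriction.
    """
    client = ipaddress.ip_address(client_ip)
    mgmt = ipaddress.ip_address(mgmt_ip)
    failed = []
    # 1. Is a route covering the management address pushed to the client?
    if not _covers(pushed_routes, mgmt):
        failed.append(1)
    # 2. Does the VPN policy cover that destination and the admin port?
    port_ok = policy_tcp_ports is None or admin_port in policy_tcp_ports
    if not (_covers(policy_dsts, mgmt) and port_ok):
        failed.append(2)
    # 3. Do admin IP restrictions (if any) include the client's VPN address?
    if trusted_hosts and not _covers(trusted_hosts, client):
        failed.append(3)
    return failed

# Constructed inputs: addresses from the thread, everything else assumed.
BOB = dict(client_ip="192.168.4.10", mgmt_ip="192.168.3.254",
           policy_dsts=["192.168.3.0/24"], policy_tcp_ports=None,
           admin_port=443)
ROUTE = ["192.168.3.0/255.255.255.0"]

def scenarios():
    return {
        "all_ok": failed_checks(pushed_routes=ROUTE, trusted_hosts=[], **BOB),
        "no_route": failed_checks(pushed_routes=[], trusted_hosts=[], **BOB),
        "admins_lan_only": failed_checks(
            pushed_routes=ROUTE, trusted_hosts=["192.168.3.0/24"], **BOB),
        "narrow_policy": failed_checks(
            pushed_routes=ROUTE, trusted_hosts=[],
            **{**BOB, "policy_dsts": ["192.168.3.10/32"]}),
    }

if __name__ == "__main__":
    for name, failed in scenarios().items():
        print(name, failed or "ok")
```

The `admins_lan_only` case shows how a client can reach other hosts in 192.168.3.0/24 and still fail check 3, because the restriction is matched against the VPN-assigned source address.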
Thanks Neonbit for the reply,
Let me clarify a few things:
- User Bob is using an IPSec tunnel (using the FortiClient mechanism)
- There is no static route given for the IPSec tunnel, because this interface cannot be chosen
- There is a firewall policy from FC_Client(VPN RULE) 192.168.4.10-20 -> Z-INTERNAL 192.168.3.0/24 allowing all traffic. NAT is disabled.
Fortinet Network Security Professional (NSE4)
Copyright 2024 Fortinet, Inc. All Rights Reserved.