magicmarker
New Contributor

SSL VPN – PCs connected on SSL VPN cannot ping each other

I would like PCs that connect over the SSL-VPN to ping and communicate with each other so I can ping and deploy software to users that are remote. Our SSL-VPN hands out IP addresses in the 192.168.20.1/24 network.

 

Remote PC 1 192.168.1.100 <--> SSL-VPN 192.168.20.1 <--> FortiGate FW

Remote PC 2 192.168.2.100 <--> SSL-VPN 192.168.20.2 <--> FortiGate FW

 

I would like Remote PC 1 to be able to communicate with Remote PC 2 using the SSL-VPN IP addresses in the 192.168.20.1/24 network.

Toshi_Esumi
SuperUser

We regularly don't allow client-to-client traffic due to security concerns. But when I ran "flow debug" it showed "iprope_in_check() check failed on policy 0, drop". This means "no proper policy".

So I added an ssl.root->ssl.root policy (the actual interface was different due to the multi-vdom environment) from/to the client subnet to/from the same subnet. And now the clients can ping each other.
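
The policy described in the reply above, sketched as FortiOS CLI. This is an added example, not configuration posted by either participant. The address object name, policy name and user group are hypothetical placeholders; the interface name and subnet come from the thread. The service is limited to ping instead of all traffic, since the reply notes that client-to-client traffic is normally blocked for security reasons.

```fortios
# Address object for the SSL-VPN client pool (subnet from the thread; name is hypothetical).
config firewall address
    edit "SSLVPN_CLIENTS"
        set subnet 192.168.20.0 255.255.255.0
    next
end

# Client-to-client policy on the SSL-VPN tunnel interface.
# In a multi-VDOM setup, substitute the tunnel interface name your VDOM shows.
config firewall policy
    edit 0
        set name "sslvpn-client-to-client"
        set srcintf "ssl.root"
        set dstintf "ssl.root"
        set srcaddr "SSLVPN_CLIENTS"
        set dstaddr "SSLVPN_CLIENTS"
        # Placeholder: the user group already used by your SSL-VPN policies.
        set groups "SSLVPN_USER_GROUP_PLACEHOLDER"
        set action accept
        set schedule "always"
        # Only ICMP echo here; add the specific services your deployment
        # tool needs instead of widening this to ALL.
        set service "PING"
        set logtraffic all
    next
end

# Verify with flow debug while one client pings the other
# (192.168.20.2 is Remote PC 2's tunnel address from the thread).
diagnose debug reset
diagnose debug flow filter addr 192.168.20.2
diagnose debug flow filter proto 1
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable

# Before the policy exists, the trace shows the drop quoted in the reply:
#   iprope_in_check() check failed on policy 0, drop
# Stop tracing when done.
diagnose debug flow trace stop
diagnose debug disable
```

With `logtraffic all` set, every client-to-client session appears in the forward traffic log, which gives a record to review if the lateral path is ever used for something other than software deployment.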
