Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
magicmarker
New Contributor

Created on ‎10-30-2019 12:08 PM

SSL VPN – PC’s connected on SSL VPN cannot ping each other

I would like PC’s that connect over the SSL-VPN to ping and communicate to each other so I can ping and deploy software to users that are remote. Our SSL-VPN hands out the IP address in the 192.168.20.1/24 network.

 

Remote PC 1 192.168.1.100 <--> SSL-VPN 192.168.20.1 <--> FortiGate FW

Remote PC 2 192.168.2.100 <--> SSL-VPN 192.168.20.2 <--> FortiGate FW

 

I would like Remote PC 1 to be able to communicate to Remote PC 2 using the SSL-VPN IP addresses in the 192.168.20.1/24.

Labels:
4260
0 Kudos
1 REPLY 1
Toshi_Esumi
SuperUser
SuperUser

Created on ‎10-30-2019 03:07 PM

We regularly don't allow client-to-client traffic for security concern. But when I run "flow debug" it showed " iprope_in_check() check failed on policy 0, drop". This means "no proper policy".

So I added ssl.root->ssl.root (actual interface was different due to muti-vdom environment) policy from/to the Client subnet to/from the same subnet. And now I can ping each other.

1581
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.