SSL VPN packet flow tunnel mode vs web mode

Umesh · ‎02-19-2025

Hello community.

Can anybody make me understand two things as I mentioned in subject, how packet flow happens If first time remote users (SSL VPN user using forticlient) connect to organization networks.

I have search a lot but couldn't find packet flow.

Your support will be more applicable.

Thanks.

AEK · ‎02-21-2025

Hello Umesh

I'm not sure if I understand well your question but I'll try to respond as per my understanding.

In Web mode you connect via your browser to the FortiGate's Web server, which (FGT) acts as a proxy and becomes the direct client of the back-end servers, while your laptop is the direct client of the FortiGate's Web server.

In tunnel mode FortiGate doesn't act as a proxy, the tunnel makes your laptop just like if it was on the local Corp network, so you access directly to the back-end servers without any proxy in between.

Hope this is what you are looking for.

AEK

dingjerry_FTNT · ‎02-22-2025

Hi @Umesh ,

What @AEK said is correct.

More info:

SSL VPN web mode is a clientless solution with a connection via the web portal (using a browser).

So technically, if you use FortiClient to connect to the SSL VPN, it is not web mode. It is tunnel mode.

Regards,

Jerry

SSL VPN packet flow tunnel mode vs web mode

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website