Unable to reach printer on local network with dial-in ipsec VPN
We have a FGT80F, and have set up dial-in ipsec vpn for the users to access office network.
Users are able to reach their local network printers at their remote site (enabled "allow access to local network" in FortiClient config).
But at one specific remote location, the user's PC uses the 192.168.4.x/24 network for LAN, and then uses a printer which is set up with 10.25.254.250 (it is a hired office, and we do not administer the network there...). When VPN is connected, he is not able to reach the printer's IP (ping). Is there anything we can do in the FortiClient or FortiGate VPN config to allow access to all local subnets?
To allow all local lan subnets, you have to make sure that you add the subnets in the firewall policy as destination. And if split-tunneling is on you will also have to add these extra subnets in phase1 and in address group.
config vpn ipsec phase1-interface
    edit <phase1-name>
        set ipv4-split-include "local_network"
end
config firewall address
    edit "local_subnet_1"
        set subnet 10.10.111.0 255.255.255.0
    next
    edit "local_subnet_2"
        set subnet 10.10.112.0 255.255.255.0
end
config firewall addrgrp
    edit "local_network"
        set member "local_subnet_1" "local_subnet_2"
end
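A simplified longest-prefix route lookup, added here as an illustration and not part of the original posts, showing where traffic to the printer at 10.25.254.250 goes with and without split tunneling. It assumes the local-network exception covers only the PC's directly connected subnet and that a tunnel without split tunneling installs a default route into the VPN; the function names, the host 192.168.4.50 and the 10.0.0.0/8 case are constructed.

```python
import ipaddress

def egress(dst, connected, split_include=None):
    """Return 'local-link', 'local-gateway' or 'tunnel' for a destination.

    connected      -- the PC's directly connected LAN prefix
    split_include  -- None models a full tunnel (default route into the VPN);
                      a list models split tunneling with only those prefixes
                      routed into the tunnel (assumed model, see lead-in)
    """
    dst = ipaddress.ip_address(dst)
    routes = [(ipaddress.ip_network(connected), "local-link")]
    if split_include is None:
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "tunnel"))
    else:
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "local-gateway"))
        routes += [(ipaddress.ip_network(p), "tunnel") for p in split_include]
    # Longest prefix wins; on a tie the earlier (local) route is kept.
    matches = [(net.prefixlen, via) for net, via in routes if dst in net]
    return max(matches, key=lambda m: m[0])[1]

def shadowing_prefixes(dst, split_include):
    """List split-include prefixes that would pull dst into the tunnel."""
    dst = ipaddress.ip_address(dst)
    return [p for p in split_include if dst in ipaddress.ip_network(p)]

if __name__ == "__main__":
    lan = "192.168.4.0/24"          # remote PC's LAN, from the question
    printer = "10.25.254.250"       # printer address, from the question
    office = ["10.10.111.0/24", "10.10.112.0/24"]  # subnets from the answer

    print("full tunnel      :", egress(printer, lan))
    print("split, office /24:", egress(printer, lan, office))
    # Constructed case: an overly broad include covers the printer too.
    print("split, 10/8      :", egress(printer, lan, ["10.0.0.0/8"]),
          shadowing_prefixes(printer, ["10.0.0.0/8"]))
```

Keeping the split-include group limited to the office prefixes, rather than a broad range that also covers the remote site's addressing, is what leaves the printer reachable through the local gateway.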