We have an FGT80F and have set up a dial-in IPsec VPN for the users to access the office network.
Users are able to reach their local network printers at their remote site (enabled "allow access to local network" in the FortiClient config).
But at one specific remote location, the user's PC uses the 192.168.4.x/24 network for LAN, and then uses a printer which is set up with 10.25.254.250 (it is a hired office, and we do not administer the network there...). When the VPN is connected, he is not able to reach the printer's IP (ping). Is there anything we can do in the FortiClient or FortiGate VPN config to allow access to all local subnets?
Hello Oibekk,
To allow all local LAN subnets, you have to make sure that you add the subnets in the firewall policy as destination. And if split-tunneling is on, you will also have to add these extra subnets in phase1 and in the address group.
config vpn ipsec phase1-interface
edit "tunnel_name"
set ipv4-split-include "local_network"
next
end
config firewall address
edit "local_subnet_1"
set subnet 10.10.111.0 255.255.255.0
next
edit "local_subnet_2"
set subnet 10.10.112.0 255.255.255.0
next
end
config firewall addrgrp
edit "local_network"
set member "local_subnet_1" "local_subnet_2"
next
end
Reference document:
Hi @oibekk
Run the sniffer on the local FGT (replace the IP with your local machine's IP):
diagnose sniffer packet any "host 192.168.7.5 and icmp" 4 0 l
If you see the traffic coming into your local interface and going out, it means there is no issue with the policy part.
Check the same by running the command on the remote FGT as well.
This will help to isolate the issue.
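An added example (not part of the replies above and not Fortinet code): a small Python parser that applies the in/out reasoning from the sniffer suggestion to verbosity-4 output. The capture lines, the interface names `internal` and `tunnel_name`, and the 10.10.111.20 destination are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of verbosity-4 sniffer output (local timestamps);
# interface names and the 10.10.111.20 destination are assumptions.
SAMPLE = """\
2024-05-06 10:15:01.101010 internal in 192.168.7.5 -> 10.10.111.20: icmp: echo request
2024-05-06 10:15:01.101150 tunnel_name out 192.168.7.5 -> 10.10.111.20: icmp: echo request
2024-05-06 10:15:02.102020 internal in 192.168.7.5 -> 10.10.111.20: icmp: echo request
2024-05-06 10:15:02.102170 tunnel_name out 192.168.7.5 -> 10.10.111.20: icmp: echo request
"""

# date, time, interface, direction, "src -> dst: icmp: echo request|reply"
LINE = re.compile(
    r"^\S+ \S+ (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+(?:\.\d+){3}) -> (?P<dst>\d+(?:\.\d+){3}): "
    r"icmp: echo (?P<kind>request|reply)"
)

def summarize(capture):
    """Map (kind, direction) to the set of interfaces the packets were seen on."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            seen[(m["kind"], m["dir"])].add(m["iface"])
    return seen

def diagnose(capture):
    """Report the first hop at which the ping stops being visible on this unit."""
    seen = summarize(capture)
    if not seen[("request", "in")]:
        return "request never reached this FortiGate"
    if not seen[("request", "out")]:
        return "request arrived but was not forwarded: check policy and routing here"
    if not seen[("reply", "in")]:
        return "request forwarded, no reply came back: check the remote side"
    if not seen[("reply", "out")]:
        return "reply arrived but was not forwarded back to the client"
    return "request and reply both traverse this FortiGate"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```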
Copyright 2024 Fortinet, Inc. All Rights Reserved.