Csiti
New Contributor

Vlan route

Hello!
I have a FortiGate 80F, internal address range 1.
I created two VLANs on the FortiGate, 3 and 5, and set up SSL VPN 11. The VPN works fine, except that I can't reach any VLAN address, even though I set up a firewall rule for all of them and I have also selected the two VLAN addresses in the SSL VPN portal, in addition to the internal one, in the routing address override menu. I could not set a static route because I always got the error message: Gateway IP is the same as the interface IP, please choose another IP address. I think this is a problem because the VLAN should be available on the local network, but there is no gateway between them.
If anyone knows the solution, please help.

Csiti
12 REPLIES
Toshi_Esumi

"internal" is the default non-tagged VLAN switch interface (192.168.1.99/24), which is the parent interface of those two VLAN sub-interfaces you created. You need to create policies VLAN3->VLAN5, VLAN5->VLAN3, ssl.root->VLAN3 and ssl.root->VLAN5.

In other words, in the policies, VLAN interfaces are independent interfaces, just like the default internal interface.

Toshi
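
The four policies listed in the reply above, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The interface names `VLAN3` and `VLAN5` follow the reply; the address objects `VLAN3_net` and `VLAN5_net` and the user group `sslvpn-users` are hypothetical names, and `SSLVPN_TUNNEL_ADDR1` is assumed to be the SSL VPN client address pool.

```fortios
# Added example: hypothetical object and group names, adjust to your own config.
# "edit 0" lets FortiOS assign the next free policy ID.
config firewall policy
    edit 0
        set name "vlan3-to-vlan5"
        set srcintf "VLAN3"
        set dstintf "VLAN5"
        set srcaddr "VLAN3_net"
        set dstaddr "VLAN5_net"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "vlan5-to-vlan3"
        set srcintf "VLAN5"
        set dstintf "VLAN3"
        set srcaddr "VLAN5_net"
        set dstaddr "VLAN3_net"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    # Policies sourced from ssl.root also need a user or group as source.
    edit 0
        set name "sslvpn-to-vlan3"
        set srcintf "ssl.root"
        set dstintf "VLAN3"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set groups "sslvpn-users"
        set dstaddr "VLAN3_net"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "sslvpn-to-vlan5"
        set srcintf "ssl.root"
        set dstintf "VLAN5"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set groups "sslvpn-users"
        set dstaddr "VLAN5_net"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Service `ALL` is used here only to confirm reachability; once traffic flows, the service list on the `ssl.root` policies can be narrowed to what remote users actually need.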

ebilcari

That's right, this is a snapshot from my lab config:

[Image: 2023-07-26 09_56_23-FortiGate - GW — Mozilla Firefox.png]

- Emirjon
sw2090

Yes, exactly - you do not need a route on the FGT, but you do need one on your client on the other end of your VPN. So you either need to do split tunneling or change the client's default route so all of its network traffic will hit the FGT.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams