Akmostafa
New Contributor II

Hub to spoke traffic in FortiGate as SSL VPN client deployment

Hello Team,

Practically, when configuring FortiGate as SSL VPN clients, users behind the client FortiGate can reach hosts behind the server FortiGate, but the other direction is not working. Moreover, the client-to-server direction does not work unless NAT is enabled in the corresponding firewall policies.

Even when configuring a static route on the server FortiGate to direct traffic to the client subnet through the SSL VPN interface, the scenario is not working.

Packet capture and debug flows on the server FortiGate show that traffic is entering the tunnel, but nothing shows on the client FortiGate.

Sheikh
Staff

Hello @Akmostafa

Enable the following debugs on the hub and spoke to see what is happening.

diag debug reset

diag debug app sslvpn -1

diag debug app fnbamd -1

diag debug console timestamp enable

diag debug enable

Moreover, the following docs might help you.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-configuration-as-SSL-VPN-Hub-ser...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-acting-as-a-SSLVPN-client/ta-p/2...
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/508779/fortigate-as-ssl-vpn-...

Regards,

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**