SSL VPN - PC connected via SSL VPN is not ping-able
When the PC is connected via SSL VPN, it gets an IP (i.e. 192.168.1.101). The PC can ping any device on 192.168.1.0/24; however, when I tried to ping the PC (192.168.1.101), it is not reachable. Not sure if there is some additional setting that I need to configure?
Remote PC (192.168.1.101) <=> FortiGate FW <=> network elements (i.e. 192.168.1.50)
PING from 192.168.1.101 to 192.168.1.50 works
PING from 192.168.1.50 to 192.168.1.101 is not working (unreachable)
Never going to work. The source and destination are on the same subnet. The FGT creates a virtual interface to connect to the LAN. If you look at the VPN monitor you will see the real IP address as well as the address the firewall is handing out to connect in. You MAY be able to ping the ssl-root IP address. I have never tried it, but you will not be able to ping the native address in this situation. This is why I stress when you create your network, don't be lazy and change the subnet on the system to anything but the default. Changing it before everyone gets set up is far easier than after you have 100 devices on it and run into an issue. (case in point)
Under IPv4 policy, I do not have LAN as source and ssl.root as destination. I followed the SSL VPN configuration on the documentation site (http://cookbook.fortinet.com/ssl-vpn-for-remote-users/). NAT is enabled; what if I disabled NAT, since the client is getting its IP from the SSL VPN Tunnel IP ranges? I'll try adding that policy tomorrow and try it out again.
Below is what I have on the IPv4 policy
ssl.root (sslvpn tunnel interface) <=> WAN interface
SSLVPN_Tunnel_Address(192.168.200.100 ~ 192.168.200.150) all (0.0.0.0/0)
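Added example, not part of the original thread: a Python check of the same-subnet point raised in the reply, using the addresses quoted above. It models only the forwarding decision of a LAN host, not FortiGate behaviour; the /24 mask on the LAN host and the gateway address 192.168.1.1 are assumptions.

```python
import ipaddress

def pool_networks(first, last):
    """Collapse an address range (such as an SSL VPN tunnel pool) into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def pool_overlaps_lan(lan_cidr, first, last):
    """True if any part of the VPN pool falls inside the LAN subnet."""
    lan = ipaddress.ip_network(lan_cidr)
    return any(net.overlaps(lan) for net in pool_networks(first, last))

def next_hop(host_if, gateway, dst):
    """Forwarding decision of a LAN host with one interface and a default gateway.

    A destination inside the host's own subnet is treated as on-link: the host
    resolves it directly on the LAN segment and never hands the packet to the
    gateway. Anything else is sent to the gateway, where firewall policy and
    routing can act on it.
    """
    iface = ipaddress.ip_interface(host_if)
    target = ipaddress.ip_address(dst)
    if target in iface.network:
        return ("on-link", str(target))
    return ("via-gateway", gateway)

if __name__ == "__main__":
    LAN = "192.168.1.0/24"
    LAN_HOST = "192.168.1.50/24"   # mask is an assumption
    GATEWAY = "192.168.1.1"        # assumed firewall LAN address, not from the thread
    POOL = ("192.168.200.100", "192.168.200.150")

    print("pool overlaps LAN:", pool_overlaps_lan(LAN, *POOL))
    # Client address from the question, then the first address of the listed pool.
    for client in ("192.168.1.101", POOL[0]):
        print(client, "->", next_hop(LAN_HOST, GATEWAY, client))
```
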