Description: This article demonstrates how to access a local host from an SSL VPN client and vice versa.
Scope: All supported versions of FortiOS.
Solution:
After connecting to the SSL VPN, the usual traffic flow is from the remote client to resources located in the inside network, allowed by a policy from ssl.root to the inside interface. With only that policy in place, a host in the inside network cannot initiate a connection to the remote SSL VPN client, because no firewall policy permits traffic from the inside interface to ssl.root. Some scenarios (for example, an administrator or monitoring host that must reach the remote endpoint) require the inside host to communicate with the remote host after it has connected to the SSL VPN. No static route is needed for this: the FortiGate installs a route to each connected client's tunnel IP via ssl.root automatically.
The step-by-step configuration template is given below. Change the IP addresses, interface names, user and certificate as required by the deployment scenario; "Fortinet_Factory" is the built-in certificate and should be replaced with one issued by a CA that the clients trust.
SSL VPN Configuration:
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set port 8443
    set source-interface "wan2"
    set source-address "all"
    set source-address6 "all"
    set default-portal "tunnel-access"
    config authentication-rule
        edit 1
            set users "<username>"
            set portal "full-access"
        next
    end
end
SSL VPN Portal:
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set web-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    next
end
Firewall Policy:
This policy allows the remote SSL VPN client to reach the inside network. The user referenced in "set users" must be the same user (or group) that the authentication rule assigns to the portal:
config firewall policy
    edit 3
        set name "sslvpn-to-inside"
        set srcintf "ssl.root"
        set dstintf "internal"
        set action accept
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "internal"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set users "<username>"
    next
end
The following policy allows traffic initiated by an inside host to reach the SSL VPN client. It deliberately has no "set users" line, because the inside host is not an authenticated VPN user; the destination is limited to the tunnel address pool so that only addresses handed out to SSL VPN clients are reachable through ssl.root:
config firewall policy
    edit 4
        set name "inside-to-sslvpn"
        set srcintf "internal"
        set dstintf "ssl.root"
        set action accept
        set srcaddr "internal"
        set dstaddr "SSLVPN_TUNNEL_ADDR1"
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
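The template above opens every service from the whole inside subnet towards every connected client. As an added example that is not part of the original article, the block below shows a tighter version of policy 4 that an engineer would normally deploy, restricted to one inside source host and two named services, followed by the FortiOS commands used to confirm that inside-initiated traffic is actually matching the policy. The address object "INSIDE_JUMPHOST", its IP 192.168.1.10, the client tunnel IP 10.212.134.200 and the choice of the predefined "RDP" and "SSH" services are assumptions for illustration.

```text
# Added example (not the article's configuration). Object name, IPs and
# services are assumptions; adjust to the deployment.

# Hypothetical address object for the one inside host allowed to reach clients
config firewall address
    edit "INSIDE_JUMPHOST"
        set subnet 192.168.1.10 255.255.255.255
    next
end

# Policy 4 narrowed from "internal"/"ALL" to a single host and two services.
# No "set users": the inside host is not an authenticated SSL VPN user.
config firewall policy
    edit 4
        set name "inside-to-sslvpn"
        set srcintf "internal"
        set dstintf "ssl.root"
        set action accept
        set srcaddr "INSIDE_JUMPHOST"
        set dstaddr "SSLVPN_TUNNEL_ADDR1"
        set schedule "always"
        set service "RDP" "SSH"
        set logtraffic all
    next
end

# Verification on the FortiGate while a client is connected
get vpn ssl monitor                    # tunnel IP assigned to the connected client
get router info routing-table all      # expect a /32 route for that IP via ssl.root
diagnose sniffer packet ssl.root 'host 10.212.134.200' 4   # packets leaving towards the client
diagnose debug flow filter addr 10.212.134.200
diagnose debug flow trace start 10
diagnose debug enable                  # trace should show the session allowed by policy 4
diagnose debug disable
```

Run the verification commands while the inside host attempts a connection (for example an SSH session to the client's tunnel IP): the sniffer confirms the packet is forwarded out of ssl.root, and the flow trace shows which policy accepted or dropped it. If the trace shows a drop for "no matching policy", the source or destination object does not cover the addresses in use. Note that the remote client's own host firewall must also permit the inbound connection; the FortiGate policy alone does not guarantee the service answers.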
Related article: SSL VPN full tunnel for a remote user - FortiGate administration guide.
Copyright 2024 Fortinet, Inc. All Rights Reserved.