Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mumush
New Contributor

Forti client doesnt see local network

My computer that I use to connect to work with Ipsec Forti Client (VPN) is on a LAN. The problem is that when I am connected to this VPN, I lose access to my LAN. Printing to the network printer is not possible unless I disconnect from the VPN
9 REPLIES 9
ede_pfau
Esteemed Contributor III

hello, and welcome to the forums. If you specify the LAN address behind the tunnel then only matching traffic will traverse the tunnel. At the moment, it looks like ' 0.0.0.0/0' . If at your work place you use the LAN 192.168.33.0/24 then enter this in the FortiClient.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
mumush
New Contributor

Thanks for help Where i can write my work place address in FortiClient? We use FortiClient ver.5.0.7
ede_pfau
Esteemed Contributor III

FC v5 is configured on the FortiGate (mode-cfg).

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
mumush
New Contributor

ok. I test it. Thanks
mumush
New Contributor

Help me. Which command i write in mode-cfg in FC5 ?
ede_pfau
Esteemed Contributor III

How did you configure the FortiClient in the first place? IMHO the FortiClient VPN is configured on the Fortigate itself. The client only needs the gateway address, a username and the PSK (or cert). So, it looks like the config on the Fortigate is incorrect. Look at the phase2 parameters, Quick Mode selectors. ' Source' should be the LAN address behind the Fortigate and not ' 0.0.0.0/0' . ' Dest' is the LAN address behind the client, and as such unknown or variable, and set to ' 0.0.0.0/0' . If you are a FC user and not the FGT admin then you' ll have to talk to the admin. edit: It might as well be that the admin intends to have all traffic (even that to the internet) through the tunnel, for security reasons. As long as your computer is part of the company' s LAN (while tunnel up), internet traffic would be protected by the FGT.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
mumush
New Contributor

Yes. Its working. I didnt create split tunneling. Thank you )))
mumush
New Contributor

ok.Forti client connecting and i see my local network.... But i saw new problem.. Forti client doesnt reserved ip from Dhcp. I cannot see IP ADDRESS fron Dhcp list
scuba1900
New Contributor

I have a similar  problem.

Local network - 192.168.1.x

Remote  network - 192.168.1.x

SSL VPN  

Split tunnel  enabled

When connected  via  VPN, can access remote  services but cannot  print to  local printer 

When disconnected  from VPN can print  locally. 

 

Objective :

Be  connected  via SSL  VPN and  print to local  network  printer

 

Labels
Top Kudoed Authors