Hi rwpatterson and Alby23, thank you for your comments. The SSL clients and the network elements are on different subnets, but they are all private IPs.
SSL VPN Tunnel Address: 192.168.200.100 ~ 192.168.200.150
Network Element Addresses: 192.168.2.0/24
Under IPv4 policy, I do not have LAN as source and ssl.root as destination. I followed the SSL VPN configuration on the document site (http://cookbook.fortinet.com/ssl-vpn-for-remote-users/). NAT is enabled; what if I disabled NAT, since the client is getting an IP from the SSL VPN tunnel IP range? I'll try adding that policy tomorrow and try it out again.
Below is what I have on the IPv4 policy:
ssl.root (sslvpn tunnel interface) <=> WAN interface
    SSLVPN_Tunnel_Address (192.168.200.100 ~ 192.168.200.150)    all (0.0.0.0/0)
ssl.root (sslvpn tunnel interface) <=> LAN interface
    SSLVPN_Tunnel_Address (192.168.200.100 ~ 192.168.200.150)    core (192.168.2.0/24)
post edited by kuoman - 2017/02/01 19:13:45