SSL VPN traffic and Virtual IP

Author
Gabana
2018/01/31 22:06:39 (permalink)
0

Hi,
This is Payam and this is my first post here :)
We have an issue with SSL VPN and Virtual IPs.
When we connect to our network with SSL VPN, we cannot access objects by their Virtual IP, but the object is accessible by its local IP address.
There is no common zone between the SSL VPN interface and the interface that we use to access the object.
Also, the rule is from our source, from the SSL VPN interface to All with service All.

Can anyone help to solve this issue?
#1


    Toshi Esumi
    Re: SSL VPN traffic and Virtual IP 2018/02/01 09:20:29 (permalink)
    0
    First, Welcome!
    Then, does the route exist back from the objects toward the SSL VPN client IPs? Also if it's split tunnel, is the objects' subnet specified in the portal config as well as the other subnets they need to reach?
    #2
    Gabana
    Re: SSL VPN traffic and Virtual IP 2018/02/13 01:02:19 (permalink)
    0
    Yes, the route exists.
    The problem is we cannot define the VIP in the rule; only if I use any as the incoming interface can we use the VIP.
    #3
    Toshi Esumi
    Re: SSL VPN traffic and Virtual IP 2018/02/13 09:40:00 (permalink)
    5 (1)
    I think the problem is that the extintf/extip of your VIP is bound to the external interface facing the internet. SSL VPN is coming past that interface and terminated inside, so it can't access the outside of the external interface. The same thing would happen when you try accessing the outside interface of the VIP from a local device connected to the internal interface.
    Why don't you use the local IP of the servers to access them via SSL VPN? That's the whole purpose of SSL VPN. VIP is for the access coming from Internet without a VPN.
    #4
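An added illustration of the binding described in reply #4 (not posted by any participant in this thread): FortiOS CLI for a VIP bound to the Internet-facing interface, beside a variant with extintf set to "any", which corresponds to the observation in reply #3 that the VIP is only selectable when the incoming interface is any. All object names, interface names, the user group and the addresses are constructed placeholders, and the behaviour is an assumption to confirm on your FortiOS version.

```text
# Constructed example: every name and address below is a placeholder.

# VIP bound to the Internet-facing interface. Destination NAT is applied
# only to traffic arriving on wan1, so SSL VPN clients, whose traffic
# enters the policy engine on ssl.root, do not match it.
config firewall vip
    edit "srv-vip-wan"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.10.10.20"
    next
end

# Alternative (use instead of the VIP above, not alongside it):
# the same mapping without a tie to one ingress interface.
config firewall vip
    edit "srv-vip-any"
        set extintf "any"
        set extip 203.0.113.10
        set mappedip "10.10.10.20"
    next
end

# Policy from the SSL VPN interface with the VIP as destination.
# The service is narrowed to what the server publishes instead of ALL.
config firewall policy
    edit 0
        set name "sslvpn-to-srv-vip"
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "srv-vip-any"
        set groups "vpn-users"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

With split tunneling, the VIP's external address also has to be among the destinations routed into the tunnel, which is the portal check raised in reply #2.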
    boisrobe
    Re: SSL VPN traffic and Virtual IP 2019/01/22 05:46:28 (permalink)
    0
    Same problem for me.
    The problem is that I don't have a choice of IP because it's an FQDN owned in a DNS which is not in my organization.

    So I use a VIP, exclude this address from my proxy.pac and use a firewall rule. It works from LAN and Wi-Fi but not with SSL VPN with the client.
    With the web portal the URL works.

    How can I use this with Fortinet?
    #5