Hi,
We have an externally hosted webserver for which we want to limit access to certain services (ports) to a limited set of IP addresses. One of them is our office's WAN range. While working at the office this won't pose any problems.
The issue is when a user works from home we want them to be able to start the FortiClient which will set-up an SSL-VPN tunnel to the office-LAN and configure it in such a way that it intercepts traffic to server A (which is outside of our LAN) and sends it over the SSL-VPN tunnel. That way the external webserver thinks the traffic is coming from our company's WAN address and the protected services will be accessible.
The SSL-VPN is set up in split tunneling mode and when I add the external webserver the user's local route-table is updated with an additional route that sends the traffic to the ssl-vpn interface. But the traffic is not routable (tracert fails).
Anyone knows (1) whether this is possible and (2) how to do it?
Thanks!
Our community of experts have been thoroughly vetted for their expertise and industry experience.