Chris Murray

asked on

Fortigate 60E can't access local printers while in VPN

We are setting up our new Fortigate 60E and ran into a problem accessing our local printers while in Remote Desktop via the VPN. The interfaces are set up as split tunneling. Could we have set up the DHCP server (Fortigate 60E) incorrectly?

Our printer's IP is 192.168.1.144. The 60E is set with the inside gateway 192.168.1.99, netmask 255.255.255.0, with an IP range of 192.168.1.110 to 192.168.1.210.

Thank you
Martyn Spencer

If you are routing all traffic via the VPN tunnel, it may prevent traffic being routed locally, depending on the VPN client settings. Also, some VPN clients allow you to block local devices for security reasons. Finally, if your local network shares the same IP subnet as the network at the end of the tunnel, you will lose access to local devices. To avoid this, you would need to have a different set of subnets locally and remotely.
You want to reserve that ip within the DHCP scope for that printer, or remove it from the scope altogether.
Chris Murray

ASKER

I placed the printer's IP out of range of the DHCP and that didn't resolve the problem. Thank you both for taking the time to answer. I'm not sure what you meant by removing from scope.
Did you understand my explanation for the possible cause of the issue? What is the IP address of the network at the other end of the VPN tunnel? The network with the printer is 192.168.1.0/24 (the 24 refers to the number of bits in the netmask, which means the netmask is 255.255.255.0).
I admit most of this is above my head. The address at the other end of the tunnel would be xxx.xxx.217.192/255.255.255.240
Our other offices have different IP ranges like 192.168.20.1, and we're able to access the other offices' printers. I hope this clarifies things. I appreciate your time and help with this.
OK. So other networks have different IP subnets, which is fine. It is possible that if you are using the Fortigate client that it is blocking local devices. I don't use Fortigate myself, but have read a number of posts here that indicate that this is what could be happening. If all traffic from the PC that is connecting is routed over the VPN tunnel, it will effectively prevent you using local resources. Reading the Fortinet documentation leads me to believe that you are not operating in this mode if using split tunnelling.

If the VPN is disconnected, do you receive a ping response from the printer? You should, unless it has been disabled. Assuming you do, when the VPN is connected, do you still see a ping response? If you do, what happens if you carry out a traceroute or tracepath to the printer? The response should indicate a direct connection from your PC to the printer.
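The subnet clash raised in the answers above can be checked before reaching for ping and traceroute. The following is an added example, not part of the original thread: it classifies where a split-tunnel client can send traffic for the printer, given the client's own LAN. The split-tunnel route list, the /24 mask on the 192.168.20.x office and both client networks are assumptions constructed for illustration.

```python
import ipaddress

# Networks from the thread: the FortiGate LAN holding the printer, and another
# office (the thread gives 192.168.20.1; the /24 mask is an assumption).
# Treating both as split-tunnel routes is also an assumption.
SPLIT_TUNNEL_ROUTES = ["192.168.1.0/24", "192.168.20.0/24"]
PRINTER = "192.168.1.144"

def overlapping_routes(client_lan, tunnel_routes):
    """Return the tunnel routes whose address space overlaps the client's own LAN."""
    lan = ipaddress.ip_network(client_lan, strict=False)
    return [r for r in tunnel_routes if ipaddress.ip_network(r).overlaps(lan)]

def diagnose(dest, client_lan, tunnel_routes):
    """Classify where a split-tunnel client can send traffic for dest.

    'tunnel'    - only a split-tunnel route covers dest
    'local'     - only the client's own LAN covers dest
    'ambiguous' - both cover it: the subnet clash described in the thread
    'default'   - neither covers it; traffic leaves via the normal gateway
    """
    addr = ipaddress.ip_address(dest)
    in_lan = addr in ipaddress.ip_network(client_lan, strict=False)
    in_tunnel = any(addr in ipaddress.ip_network(r) for r in tunnel_routes)
    if in_lan and in_tunnel:
        return "ambiguous"
    if in_tunnel:
        return "tunnel"
    return "local" if in_lan else "default"

if __name__ == "__main__":
    # Constructed client networks: one that clashes with the office, one that does not.
    for client_lan in ("192.168.1.0/24", "192.168.50.0/24"):
        print(client_lan, "overlaps:", overlapping_routes(client_lan, SPLIT_TUNNEL_ROUTES))
        for dest in (PRINTER, "192.168.20.1", "203.0.113.10"):
            print("  ", dest, "->", diagnose(dest, client_lan, SPLIT_TUNNEL_ROUTES))
```

An "ambiguous" result for the printer alongside a "tunnel" result for 192.168.20.1 matches the symptom in the question: printers at the other offices are reachable while 192.168.1.144 is not.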