YaYangTeah asked:

Fortigate SSL VPN issue.

Our office firewall is a FortiGate 101E, and we have configured SSL VPN to allow our users to work from home.

Recently they reported that they cannot access one of the FTP servers in the cloud from home, but from the office network there is no issue.

I believe that FTP server only allows our office Internet IP, and in our firewall we have turned on split tunneling.

I guess this server is not inside the office LAN, so the SSL VPN users are using their home IP address.

I know that if I disable split tunneling, all SSL VPN user traffic will be routed to the Internet via the office firewall. But we do not want this option.

May I know if there is any way to allow SSL VPN users to access this FTP server in the cloud?

CompProbSolv:

"I believe that FTP server just allow our office Internet IP and our in our firewall we has turn on split tunneling."

That is very likely the issue.  With split tunneling, when your remote users try to access the FTP server, the request is seen as coming from their (remote) IP address and the FTP server is rejecting it.

I'm not familiar enough with the Fortigate VPN setup, so I can't tell you specifically how to resolve this.  I would expect that you need to set up some sort of Route command for workstations when they connect to the VPN to route communications to the FTP server through the VPN.  It should be a simple task once you find out where to do it.  As a test, you could do an appropriate Route command on a workstation from a CMD prompt (I'm assuming Windows OS is in use on the workstations) to see if that resolves the issue.  You'd use something similar to:
route -4 add <FTP IP address> <VPN gateway IP>.  That may not be exactly correct but should be a good start.  You could add "-p" after "-4" to make the system remember the new route after rebooting.

Just add the IP of the external site:

Go to VPN -> SSLVPN-PORTAL
Select your portal
under Routing Address.

Go to Policy and Objects -> IPv4 Policy

Add a firewall rule from zone SSL-VPN tunnel interface to the WAN:

Incoming interface: SSL-VPN tunnel interface
Outgoing interface: {WAN port}
Source address: SSL-VPN pool
Source user: SSL-VPN user group
Destination address: address of the FTP site
Service: FTP

NAT enabled.

And check if the client is tunneling the device over the VPN tunnel.
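
A client-side check for the last step in the answers above, added here as an example and not posted by any participant in the thread: it parses rows from the IPv4 table of `route print -4` and reports whether traffic to the FTP server would leave through the VPN adapter. The sample rows, the FTP address 203.0.113.10 and the pool 10.212.134.0/24 are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: IPv4 "Active Routes" rows as printed by `route print -4`
# on a Windows client connected with split tunneling. All addresses are
# placeholders, not values from the thread.
SAMPLE_ROUTES = """\
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
         10.0.0.0        255.0.0.0     10.212.134.1   10.212.134.200      1
     203.0.113.10  255.255.255.255     10.212.134.1   10.212.134.200      1
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    281
"""

def parse_routes(text):
    """Return (network, gateway, interface_ip, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # headers and separators do not have five columns
        dest, mask, gateway, iface, metric = cols
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, ipaddress.ip_address(iface), int(metric)))
        except ValueError:
            continue  # five-column line that is not a route row
    return routes

def select_route(routes, target):
    """Longest-prefix match; the lower metric wins among equal prefixes."""
    ip = ipaddress.ip_address(target)
    candidates = [r for r in routes if ip in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))

def uses_vpn(routes, target, vpn_pool):
    """True if traffic to target leaves via an interface address in the VPN pool."""
    route = select_route(routes, target)
    return route is not None and route[2] in ipaddress.ip_network(vpn_pool)

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    print("FTP server via VPN:", uses_vpn(table, "203.0.113.10", "10.212.134.0/24"))
```

If the host route for the FTP server is missing from the client's table, the default route through the home gateway is selected and the server sees the user's home IP address.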