{"id":2633,"date":"2017-08-23T07:01:57","date_gmt":"2017-08-23T07:01:57","guid":{"rendered":"http:\/\/pariswells.com\/blog\/?p=2633"},"modified":"2017-08-23T07:01:57","modified_gmt":"2017-08-23T07:01:57","slug":"how-to-add-a-routable-subnet-to-a-fortigate-vpn-connection","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/how-to-add-a-routable-subnet-to-a-fortigate-vpn-connection","title":{"rendered":"How to add a routable subnet to a Fortigate VPN connection"},"content":{"rendered":"

When a user VPN into a Fortigate Router , make sure they can access all Subnet available to the router not just the local one :<\/p>

  1. Added security policy \u2013 allow from SSL VPN interface to IPsec VPN \u00a0<\/li><\/ol>

    Name :<\/strong>\u00a0SSL VPN to New Subnet<\/p>

    Incoming Interface :<\/strong> SSL-VPN tunnlel Interface ( ssl.root )\u00a0<\/p>

    Outgoing Interface<\/strong> – %Interface of Site to Site VPN for Remote Site%<\/p>

    Source :<\/strong> SSL VPN Client Range \/ SSLVPN_Users<\/p>

    Destination Address : %new subnet%<\/p>

    Schedule : Always<\/p>

    Service : ALl<\/p>

    Action : Accept<\/p>

    Nat : Enabled (\u00a0 to traverse IPsec VPN as local address (192.168.0.x) as opposed to SSL VPN client range (192.168.1.x)\u00a0<\/p>

    IP Pool Configuration : Use Dymanic IP Pool<\/strong> and\u00a0NAT Pool for SSL VPN Clients<\/strong><\/p>

    \u00a0<\/p>

    2. \u00a0Make you have DHCP NAT pool\u00a0Range excluded from your onsite DHCP\u00a0<\/p>

    3.Added New Subnet to routing address in SSL VPN portal \u2013 tunnel mode<\/strong><\/p>

    VPN – > SSL VPN Portals<\/p>

    Tunnel Mode -> Enable Split Tunnelings -> Routing Address\u00a0<\/p>","protected":false},"excerpt":{"rendered":"

    When a user VPN into a Fortigate Router , make sure they can access all Subnet available to the router not just the local one :Added security […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1527,1],"tags":[2052,2053,2049,1251,1250,2050,2051,1351],"class_list":["post-2633","post","type-post","status-publish","format-standard","hentry","category-networking","category-research","tag-access-second-subnet","tag-access-subnet-via-site-to-site-vpn","tag-dymanic-ip-pool","tag-fortigate","tag-fortinet","tag-nat-pool-for-ssl-vpn-clients","tag-routable","tag-vpn"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/2633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=2633"}],"version-history":[{"count":2,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/2633\/revisions"}],"predecessor-version":[{"id":2706,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/2633\/revisions\/2706"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=2633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=2633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=2633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}