Chapter 16 SSL VPN for FortiOS 5.0 : Basic Configuration : Configuring security policies : Create a tunnel mode security policy : Routing for tunnel mode
  
Routing for tunnel mode
If you your SSL VPN operates in tunnel mode, you must add a static route so that replies from the protected network can reach the remote SSL VPN client.
To add the tunnel mode route - web-based manager
1. Go to Router > Static > Static Routes and select Create New.
For low-end FortiGate units, go to System > Network > Routing and select Create New.
2. Enter the Destination IP/Mask of the tunnel IP address that you assigned to the users of the web portal.
3. Select the SSL VPN virtual interface for the Device.
4. Select OK.
To add the tunnel mode route - CLI
If you assigned 10.11.254.0/24 as the tunnel IP range, you would enter:
config router static
edit <id>
set device ssl.root
set dst 10.11.254.0/24
set gateway <gateway_IP>
end
See Also
Firewall addresses
Create an SSL VPN security policy
Create a tunnel mode security policy
Split tunnel Internet browsing policy
Enabling a connection to an IPsec VPN