Chapter 16 SSL VPN for FortiOS 5.0 : Basic Configuration : Additional configuration options : Routing in tunnel mode
  
Routing in tunnel mode
If are creating a SSL VPN connection in tunnel mode, you need to add a static route so that replies from the protected network can reach the remote SSL VPN client.
To add the tunnel mode route - web-based manager
1. Go to Router > Static > Static Routes and select Create New.
For low-end FortiGate units, go to System > Network > Routing and select Create New.
2. Enter the Destination IP/Mask of the tunnel IP address that you assigned to the users of the web portal.
3. Select the SSL VPN virtual interface for the Device.
4. Select OK.
To add the tunnel mode route - CLI
If you assigned 10.11.254.0/24 as the tunnel IP range, you would enter:
config router static
edit <id>
set device ssl.root
set dst 10.11.254.0/24
set gateway <gateway_IP>
end
See Also
Changing the port number for web portal connections
SSL offloading
Customizing the web portal login page
Host check
Windows OS check
Configuring cache cleaning
Configuring virtual desktop
Configuring client OS Check
Adding WINS and DNS services for clients
Setting the idle timeout setting
SSL VPN logs
Monitoring active SSL VPN sessions