Create the static route to tunnel mode clients
Reply packets destined for tunnel mode clients must pass through the SSL VPN tunnel. You need to define a static route to allow this.
To add a route to SSL VPN tunnel mode clients - web-based manager:
1. Go to Router > Static > Static Routes and select Create New.
For low-end FortiGate units, go to System > Network > Routing and select Create New.
2. Enter the following information and select OK.
Destination IP/Mask | 10.11.254.0/24. This IP address range covers both ranges that you assigned to SSL VPN tunnel-mode users. See “Creating the tunnel client range addresses”. |
Device | Select the SSL VPN virtual interface, ssl.root for example. |
| In this example, the IP Pools field on the VPN > SSL > Settings page is not used because each web portal specifies its own tunnel IP address range. |
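The route only does its job if its destination contains every address a portal can hand to a tunnel-mode client. The following check is an added example, not part of the FortiGate documentation: it audits a static route destination against a set of tunnel pools. The function names and the two pool ranges are assumptions constructed for illustration, because this page does not list the ranges, and the pools are assumed not to overlap.

```python
import ipaddress

# Constructed sample pools (first, last); the real ranges are defined in
# "Creating the tunnel client range addresses" and are not shown on this page.
SAMPLE_POOLS = [("10.11.254.1", "10.11.254.50"),
                ("10.11.254.51", "10.11.254.100")]

def smallest_covering_prefix(pools):
    """Return the tightest single network that contains every pool."""
    lo = min(int(ipaddress.ip_address(first)) for first, _ in pools)
    hi = max(int(ipaddress.ip_address(last)) for _, last in pools)
    # Every bit that differs between the lowest and highest address
    # has to be a host bit of the covering network.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, 32 - host_bits))

def audit_route(route, pools):
    """Compare a static route destination with the tunnel client pools."""
    net = ipaddress.ip_network(route)
    uncovered, assigned = [], 0
    for first, last in pools:
        a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
        assigned += int(b) - int(a) + 1
        # A pool is covered only if both of its endpoints are in the route.
        if a not in net or b not in net:
            uncovered.append((first, last))
    return {
        "covers_all_pools": not uncovered,
        "uncovered": uncovered,
        "tightest_prefix": str(smallest_covering_prefix(pools)),
        # Addresses sent to the tunnel interface that no pool can assign.
        "routed_but_unassigned": (net.num_addresses - assigned
                                  if not uncovered else None),
    }

if __name__ == "__main__":
    print(audit_route("10.11.254.0/24", SAMPLE_POOLS))
    print(audit_route("10.11.254.0/26", SAMPLE_POOLS))
```

A route that fails `covers_all_pools` leaves some tunnel clients without a return path, so their reply packets follow the default route instead of the SSL VPN virtual interface.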