Testing private access connectivity from FortiGate hub network to remote users
This test depends on a private access policy being defined in the From Hub direction on a FortiSASE instance with the remote VPN user identification selected availability feature. See Remote VPN user identification. |
You can verify access from the FortiGate hub network to FortiSASE users, namely FortiClient users connected to FortiSASE in endpoint mode using ping.
From a host behind the FortiGate hub internal network, use ping to verify access to a FortiClient user connected to FortiSASE
The example pings the FortiClient user with 100.65.0.1 from 10.100.99.104, which is a host on an internal network. The following shows sample output:
root@internal-server-01:~# ping 100.65.0.1 PING 100.65.0.1 (100.65.0.1) 56(84) bytes of data. 64 bytes from 100.65.0.1: icmp_seq=1 ttl=126 time=73.3 ms 64 bytes from 100.65.0.1: icmp_seq=2 ttl=126 time=72.5 ms 64 bytes from 100.65.0.1: icmp_seq=3 ttl=126 time=74.0 ms 64 bytes from 100.65.0.1: icmp_seq=4 ttl=126 time=72.1 ms ^C --- 100.65.0.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 72.127/73.008/74.034/0.735 ms