Technical Tip: Behavior in FortiClient Mac (MacOS) IPsec VPN and split tunnel
| Description | This article describes the behavior when FortiClient macOS does not add routes included in the split tunnel. |
| Scope | FortiClient MacOS v7.0.x, v7.2.x, and v7.4.x. |
| Solution | There are some scenarios where there are a large numbers of IP/subnets that needs to be added into the split tunnel configuration.
By design, FortiClient macOS uses a size of 4096-character array to store split IP/subnets. This translates to FortiClient MacOS can install a minimum of 128 subnets and a maximum of 256 subnets.
If there is a scenario where split tunnel configuration has more than 128 IP/subnets, it is recommended to summarize the subnets in the FortiGate configuration to guarantee the functionality of split tunneling.
Related documents: Technical Tip: FortiClient Dialup IPsec VPN (Split Tunneling) |