aleguizamon
Staff
January 15, 2025

Technical Tip: Forward traffic to public IP using IPsec VPN Dial-up Wizard

Description

This article describes how to reach one specific destination IP through the FortiGate's public IP while keeping split tunneling enabled in a dial-up IPsec VPN.

Scope

FortiGate VPN.
Solution

In this example, remote users need to access a remote website that only allows connections from the FortiGate's public IP, and a full-tunnel VPN is not a feasible option.

 

  1. Create an address object of type Subnet for the destination IP:

[Screenshot: Address.gif]

 

Note:

The IPSec VPN does not support FQDN objects for split tunnels: Enable split-tunnel For IPsec VPN - Fortinet Community

  2. Create the IPsec VPN under VPN -> IPsec Wizard -> Remote Access -> Client-Based -> FortiClient:
  • Select the incoming interface, then add the pre-shared key and the user group.
  • In Local Interface, select the internal/LAN interface and the WAN interface.
  • In Local Address, add the LAN subnet object and the website address object created in step 1.

[Screenshot: Tunnel.gif]

 

  3. Go to the firewall policies created by the wizard and adjust the destination addresses:
  • In the VPN-to-internal policy, remove the website address from the destination.
  • In the VPN-to-WAN policy, remove the LAN address from the destination.

 

[Screenshot: policy_check.gif]
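As an added verification (not part of the original tip), the following Python snippet parses a `show firewall policy` dump and flags the two destination mistakes that step 3 corrects, plus a VPN-to-WAN policy without NAT, which the site needs in order to see the FortiGate's public IP. The interface and address names are assumptions, and the sample configuration is constructed.

```python
import re
# Constructed sample (names assumed) of the two wizard policies after step 3.
SAMPLE_CONFIG = """\
config firewall policy
    edit 10
        set srcintf "dialup_vpn"
        set dstintf "port2"
        set dstaddr "LAN_subnet"
    next
    edit 11
        set srcintf "dialup_vpn"
        set dstintf "wan1"
        set dstaddr "website_ip"
        set nat enable
    next
end
"""

def parse_policies(config_text):
    """Return {policy_id: {setting: [values]}} from a `show firewall policy` dump."""
    policies, current = {}, None
    for line in config_text.splitlines():
        line = line.strip()
        if (m := re.match(r"edit (\d+)$", line)):
            current = policies.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, rest = line[4:].partition(" ")
            current[key] = [v.strip('"') for v in re.findall(r'"[^"]*"|\S+', rest)]
    return policies

def check_split_policies(config_text, vpn_if, lan_if, wan_if, lan_addr, site_addr):
    """Report the mistakes step 3 fixes, plus a missing NAT on the WAN policy
    (without NAT the website would not see the FortiGate's public IP)."""
    issues = []
    for pid, p in parse_policies(config_text).items():
        if vpn_if not in p.get("srcintf", []):
            continue  # only policies sourced from the dial-up tunnel matter
        dst = p.get("dstaddr", [])
        if lan_if in p.get("dstintf", []) and site_addr in dst:
            issues.append(f"policy {pid}: remove {site_addr} from dstaddr")
        if wan_if in p.get("dstintf", []):
            if lan_addr in dst:
                issues.append(f"policy {pid}: remove {lan_addr} from dstaddr")
            if p.get("nat") != ["enable"]:
                issues.append(f"policy {pid}: enable NAT so the site sees the public IP")
    return issues
```

Run it against a real dump by replacing `SAMPLE_CONFIG` with the output of `show firewall policy` and passing your own interface and address object names.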


    GILMENDO
    Staff & Editor
    January 18, 2025

    Great job @aleguizamon thank you for your contribution!

    MaryBolano
    Staff & Editor
    January 18, 2025

    Amazing job @aleguizamon, keep it up!!! ☺

    JorgeMonroyPad
    Staff & Editor
    January 18, 2025

    Great documentation, @aleguizamon!!! Keep it up!!!