Dhwanil
New Member
April 13, 2022
Question

adding aws server to a split tunnel

  • April 13, 2022
  • 4 replies
  • 3303 views

Hey Guys,

I am trying to add a web server hosted on AWS to be accessed through the VPN.

Currently running a split tunnel and would like the web server requests to be routed through the split tunnel. I added the public IP of the server to the active VPN portal and also added the address to the SSL-VPN policy, but this does not seem to work. I feel like I am missing something but am not so sure.

The web server is accessible and confirmed; this is more for internal remote users to be able to access the server. Running a FortiGate 60E.

Any help is much appreciated.

4 replies

tio3udes
Explorer III
April 13, 2022

Hello @Dhwanil!

By your description everything seems to be fine and it should be working. But can you share your configuration?

The setup for this is simple. If you add the IP of the server to the "Routing Address" field on the image below, the traffic to the server from devices connected to the VPN should pass through your firewall. Of course, if there's a policy allowing.

[image: tio3udes_0-1649881921035.png]

Let me know if this helped.

Dhwanil
Author
New Member
April 13, 2022

Thank you, yeah there, I appended the server IP address in the same existing policy that is present for the SSL VPN. Are there any other policies that I should check? My configuration seems to be the same as the picture you posted. Also tried to run traceroute to see what the difference was, as I have an on-premise web server as well which is behind the tunnel, and it does not seem to be able to get to the server at all. Even my SSH to the server seems to be failing when I put the IP behind the tunnel, so I am guessing I am missing something somewhere.

Dhwanil
Author
New Member
April 13, 2022

I got it to work; there was a firewall configuration blocking my way from the policies. I appreciate you taking time out to reply.

Timur1
Explorer
September 26, 2023

Hi Dhwanil, I am facing the same issue. Can you please let me know which firewall config was blocking the way from the policy?

tio3udes
Explorer III
April 14, 2022

Glad it's working!

xshkurti
Staff
September 26, 2023

@Timur1
Follow this link and execute the debug flow commands to check which policy is blocking your traffic:
Debugging the packet flow | FortiGate / FortiOS 7.4.1 | Fortinet Document Library
By executing the debug flow commands, you will find the matching policy; try editing that one.
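
Added example, not part of the thread or of Fortinet's documentation: a small Python triage of debug flow output that reports which policy decided each traced packet from an SSL-VPN client to the server. The capture, addresses, interface names and policy IDs are constructed, and the line format is assumed from typical FortiOS debug flow output.

```python
import re
from collections import defaultdict

# Constructed capture (not from the thread). 203.0.113.10 stands in for the AWS
# server, 10.212.134.200 for an SSL-VPN client. Typically collected with:
#   diagnose debug flow filter addr 203.0.113.10
#   diagnose debug flow trace start 20
#   diagnose debug enable
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5783 msg="vd-root:0 received a packet(proto=6, 10.212.134.200:51514->203.0.113.10:443) from ssl.root. flag [S], seq 1, ack 0, win 64240"
id=20085 trace_id=1 func=init_ip_session_common line=5955 msg="allocate a new session-0001a2b3"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-198.51.100.1 via wan1"
id=20085 trace_id=1 func=fw_forward_handler line=640 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5783 msg="vd-root:0 received a packet(proto=6, 10.212.134.200:51520->203.0.113.10:22) from ssl.root. flag [S], seq 1, ack 0, win 64240"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-198.51.100.1 via wan1"
id=20085 trace_id=2 func=fw_forward_handler line=811 msg="Allowed by Policy-7: SNAT"
'''

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"')
PKT = re.compile(r'\(proto=\d+, (\S+?):\d+->(\S+?):(\d+)\) from (\S+)\.\s')
ROUTE = re.compile(r'find a route: .* via (\S+)')
DENY = re.compile(r'Denied by .+? \(policy (\d+)\)')
ALLOW = re.compile(r'Allowed by Policy-(\d+)')

def summarize(text):
    """Group debug flow lines by trace_id into one record per traced packet."""
    traces = defaultdict(dict)
    for m in LINE.finditer(text):
        t, msg = traces[int(m.group(1))], m.group(2)
        if (p := PKT.search(msg)):
            t.update(src=p.group(1), dst=p.group(2), dport=int(p.group(3)), in_if=p.group(4))
        elif (r := ROUTE.search(msg)):
            t["out_if"] = r.group(1)  # egress interface chosen by the route lookup
        elif (d := DENY.search(msg)):
            t.update(verdict="deny", policy=int(d.group(1)))
        elif (a := ALLOW.search(msg)):
            t.update(verdict="allow", policy=int(a.group(1)))
    return dict(traces)

def blocked(text):
    """Return denied flows; policy 0 is the implicit deny (no policy matched)."""
    return [t for t in summarize(text).values() if t.get("verdict") == "deny"]

if __name__ == "__main__":
    for t in blocked(SAMPLE):
        print(f"{t['src']} -> {t['dst']}:{t['dport']} "
              f"{t['in_if']}->{t.get('out_if')} denied by policy {t['policy']}")
```

A deny on policy 0 with the route leaving through the WAN interface means no firewall policy covers that SSL-VPN-to-WAN direction for the server address.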