tronton_team
New Member
April 26, 2018
Question

(ask) Separate Internet and VPN Traffic FortiClient


Hello, I want to ask,

I have a case like this:

I have a single internet connection, and I want to build rules like this:

a. If a user connects to the internet, the user must log in with the captive portal.

b. If a user wants to connect to my branch office, the user uses FortiClient for VPN but does not use the captive portal.

Can I do that? Sorry for my bad English.

    1 reply

    ede_pfau
    SuperUser
    April 26, 2018

    Hi,

    Yes, you can identify the VPN traffic and create a separate policy for it which does not contain a captive portal.

    For IPsec VPN, allow ESP, AH, udp/500 and udp/4500.

    For SSLVPN, allow the port which you reserve for it, e.g. 443 or 10443.

    Put this (more specific) policy on top of the other, more general policy allowing access to the internet.
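
The policy ordering described in the reply above, as an added example that is not part of the original posts: a simplified top-down, first-match model in Python (not FortiOS syntax) that shows which policy each kind of traffic hits and flags an exemption policy placed below the general one. The policy names are hypothetical, and 10443 is assumed as the reserved SSL VPN port.

```python
from dataclasses import dataclass

ANY = None  # wildcard for protocol or destination port


@dataclass(frozen=True)
class Policy:
    name: str         # hypothetical label, not a FortiGate object name
    services: tuple   # (protocol, dst_port) pairs; ANY is a wildcard
    portal: bool      # True if this policy forces captive-portal login

    def matches(self, proto, port=None):
        # A service entry matches when both fields are equal or wildcarded.
        return any(p in (ANY, proto) and d in (ANY, port)
                   for p, d in self.services)


# Services named in the reply: ESP, AH, udp/500, udp/4500 for IPsec,
# plus the port reserved for SSL VPN (10443 assumed here).
VPN = Policy("vpn-no-portal",
             (("esp", ANY), ("ah", ANY), ("udp", 500), ("udp", 4500),
              ("tcp", 10443)),
             portal=False)
INTERNET = Policy("internet-portal", ((ANY, ANY),), portal=True)


def evaluate(table, proto, port=None):
    """Return the first matching policy, scanning the table top-down."""
    for policy in table:
        if policy.matches(proto, port):
            return policy
    return None  # nothing matched: implicit deny


def shadowed(table):
    """Names of policies whose every service is already matched by an
    earlier policy, so they can never be reached."""
    hidden = []
    for i, policy in enumerate(table):
        earlier = table[:i]
        if all(any(e.matches(p, d) for e in earlier)
               for p, d in policy.services):
            hidden.append(policy.name)
    return hidden


GOOD_ORDER = [VPN, INTERNET]   # specific policy on top, as advised
BAD_ORDER = [INTERNET, VPN]    # general policy on top shadows the exemption
```

With `GOOD_ORDER`, IPsec and SSL VPN traffic matches the exemption while ordinary web traffic still reaches the portal policy; `shadowed(BAD_ORDER)` reports the exemption as unreachable.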