Skip to main content
chethan
chethan
Explorer II
June 26, 2021
Question

FortiClient EMS - Allow internet only when connected to VPN

  • June 26, 2021
  • 1 reply
  • 3930 views

Hello Everyone,

 

How do you configure FortiClient EMS to enforce endpoints to allow/access internet only when they are connected to the SSL-VPN ? 

 

The users should not be able to use internet if they are disconnected from the VPN (as a company policy). 

 

"My query is not about Split-tunneling"

 

Thank you.

1 reply

fcb
fcb
Visitor III
July 21, 2021

Step 1: Make EMS to where it's reachable from the public Internet using the same name as it has on the internal network (ie: ems.domain.com)

Step 2: Setup an on-net and an off-net profile on EMS. The on-net profiles allows traffic to come back through the tunnel and the web filter sand app firewall are not as strict. The off-net profile (the one the get when at home) has everything blocked in web filter and app firewall.

 

EMS will determine off-net and on-net by the machines current IP address so you will have a little to do there but not bad

Terms & ConditionsAccessibility statement