SebastiaanR
New Member
June 4, 2020
Question

Internet (Especially O365) traffic not traverse SSL VPN

Hi community,

Can someone please point me in the direction of a KB article explaining how to limit traffic that goes over the SSL VPN? I want users to access systems, but all internet, especially o365 traffic needs to break out locally from the users' computers/internet.

From what I can tell split tunneling is what I need to look at, but that's about as far as my experience goes.

Any help much appreciated.

Thanks

2 replies

lobstercreed
New Member
June 4, 2020

Yes, split tunneling is a very common configuration. You can simply enable it in the SSL VPN Settings.

The only traffic that will go across the VPN then is the traffic you either define under the Split Tunnel config (extra options will appear in the GUI) or it will be determined by what policies the user has access to upon login. I do the latter personally.

SebastiaanR
New Member
June 4, 2020

Thanks for the response and guidance. I currently have it configured as follows:

I'll look at limiting the traffic as per your recommendation, thanks. For now I'd just like to get it working.

Running a trace route to an IP, both connected and disconnected I get the same hops and routes, which leads me to believe the internet is not going over the VPN, which is good and seems to be working.

I do find that browsing the internet once connected is very slow. Is this a typical finding? It's as though DNS takes just a little bit longer to resolve. The moment I disconnect the VPN, browsing speed is back to normal.

Thanks

ikmarwright
New Member
June 14, 2020

Have you gone through the cookbook already? https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/941552/editing-the-ssl-vpn-portal (if you have 6.0.?)

You can use Routing address; those are the addresses you want going through the SSL-VPN connection.

Dave
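
The split-tunnel setup described in the replies above, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The object names, the 10.10.0.0/16 subnet, the "internal" interface, the "vpn-users" group and the "full-access" portal name are placeholders to adapt to your own unit.

```fortios
# Added example: every name and address below is a placeholder.

# 1) Address object for the internal systems that should use the tunnel.
config firewall address
    edit "Internal_Servers"
        set subnet 10.10.0.0 255.255.0.0
    next
end

# 2) Portal: enable split tunneling and set the routing address.
#    Only the routing address is meant to go through the SSL VPN;
#    internet and O365 traffic stays on the user's local connection.
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "Internal_Servers"
    next
end

# 3) Policy from the SSL VPN interface to the internal systems.
#    With the policy-driven approach from the first reply (no routing
#    address set), the policy destinations decide what is tunneled,
#    so keep dstaddr narrow: a destination of "all" would defeat
#    the split.
config firewall policy
    edit 0
        set name "sslvpn-to-internal"
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "Internal_Servers"
        set groups "vpn-users"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

After reconnecting, the client's route table should list only the routing-address subnet via the VPN adapter, which matches the traceroute check described in the thread.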