cuoco
New Member
August 5, 2025
Question

IPSEC split tunnel


Y'all smart people know how to only allow split tunnel on a remote worker for a specific subnet, to let's say 192.168.13.x? All other traffic (including internet) goes through the tunnel?

2 replies

Tauri
Explorer II
August 6, 2025

Hi! Go to VPN -> SSL-VPN portals. There you can define tunnel mode. Select "Enabled Based on Policy Destination". Or in the CLI as shown below.

config vpn ssl web portal
    edit tunnel-access
        set split-tunneling enable
end

Check this manual: Link 

 

princes
Staff
August 6, 2025

Hi,

 

For Dialup IPsec you need to use the below option under phase1 settings:

config vpn ipsec phase1-interface
    edit "Dialup_IPsec"
        # define your split range and use that address object here
        set ipv4-split-include "subnet"
    next
end

 

So the traffic which matches this split range will only be routed towards the FortiGate over the Dialup tunnel.

Other traffic will exit from your local internet adapter.

 

Thank you.

 

Regards,

Prince
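
The routing decision described in the reply above, as an added example that is not part of the original thread or any Fortinet code: it models a split-include list as plain prefix matching on the client (an assumption that ignores any other routes the client has), and also computes the prefixes covering all of IPv4 except 192.168.13.0/24, the case the question describes. Function names and sample destinations are constructed for illustration.

```python
import ipaddress

def via_tunnel(dst, split_include):
    """True if dst matches a split-include prefix, i.e. is routed over the tunnel."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in split_include)

def everything_except(local_subnet):
    """Prefixes that together cover all of IPv4 except local_subnet."""
    whole = ipaddress.ip_network("0.0.0.0/0")
    return sorted(whole.address_exclude(ipaddress.ip_network(local_subnet)))

def classify(destinations, split_include):
    """Map each destination to 'tunnel' or 'local adapter'."""
    return {d: "tunnel" if via_tunnel(d, split_include) else "local adapter"
            for d in destinations}

# Constructed sample destinations.
SAMPLES = ["192.168.13.50", "192.168.12.9", "10.20.30.40", "8.8.8.8"]

# Case A: the split range from the reply is the single subnet.
# Only 192.168.13.0/24 goes over the tunnel; everything else exits locally.
INCLUDE_SUBNET_ONLY = [ipaddress.ip_network("192.168.13.0/24")]

# Case B: the split range is everything except 192.168.13.0/24.
# All traffic, internet included, goes over the tunnel; the subnet stays local.
INCLUDE_ALL_BUT_SUBNET = everything_except("192.168.13.0/24")

if __name__ == "__main__":
    print("Case A:", classify(SAMPLES, INCLUDE_SUBNET_ONLY))
    print("Case B:", classify(SAMPLES, INCLUDE_ALL_BUT_SUBNET))
    print("Case B needs", len(INCLUDE_ALL_BUT_SUBNET), "prefixes:")
    for net in INCLUDE_ALL_BUT_SUBNET:
        # Network address plus dotted mask, the usual form for a subnet address object.
        print("   ", net.network_address, net.netmask)
```

Case B is the one to check when internet traffic from the remote worker must still pass through the firewall for inspection.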