noc
Explorer
July 18, 2025
Solved

IPsec won't split tunnel


Hello,

I'm trying to configure an IPsec tunnel to replace SSL-VPN, but I can't make split tunnel work.

I have split-tunnel enabled with just an internal network allowed, and a policy that explicitly allows traffic to that network.

The problem is, once connected, the tunnel pushes a default route to the client, so all the traffic goes through the FortiGate.

I already tried things I saw on this forum, but nothing worked.

To add info: it doesn't matter what config I do on the Forti or client side, doing "route print" always shows a default route to the Forti (when I'm connected).

Best answer by sjoshi

Hi,

This issue appears to occur only when upgrading from a previous version of FortiClient. Installing FortiClient v7.4.3 on a system where FortiClient was never previously installed works as expected.

However, if FortiClient v7.2.x is upgraded directly to v7.4.3, the default route is incorrectly installed.

As a workaround, you can uninstall FortiClient from the affected system and perform a clean installation of v7.4.3, which should resolve the issue.

4 replies

sjoshi
Staff
July 18, 2025

Hi,

Could you please try with FCT v7.4.3 and check? If the issue still persists, can you show me the VPN and policy config for that TNL?

Thanks, Salon
noc
Author
Explorer
July 18, 2025

I forgot to add my Forti's version: it's an 80E on v7.0.17, and I can't upgrade it right now.

sjoshi
Staff
July 18, 2025

Hi noc,

I was not suggesting to upgrade the FGT version, but the FortiClient version on one PC.

Thanks, Salon
michael2406
Visitor III
July 21, 2025

For me the solution was to check the network adapters from Fortinet in "Device-Manager". There were Fortinet adapters with #2 or #3 at the end. Delete them; afterwards it started to work.

FortiDor
Explorer II
July 21, 2025

Thanks @michael2406!

Indeed it works!

Is it a bug in FCT 7.4.3, with the workaround of deleting both network adapters? Something in the Release Notes?

michael2406
Visitor III
July 22, 2025

I opened a ticket and there was nothing about a bug... they just confirmed that it is a solution to solve the problem. Seems this issue is present in many FortiClient versions... maybe a "normal" behaviour in some circumstances when you update your FortiClient...

FortiDor
Explorer II
July 22, 2025

Thanks @michael2406

Very strange if it’s not a bug regarding the Support.
Now it’s not working again and only the SSL VPN is stable enough.

I hope it will be better in the next releases.

sferoz
Staff
July 23, 2025

Hi Noc,
Can you help share the config, TAC case no. and relevant PC route print logs, if any, to sferoz@fortinet.com for more investigation? Also, please update as per previous suggestions once you re-install FCT 7.4.3 if you are still having the same issue.

michael2406
Visitor III
July 23, 2025

I send you an email with case number. When reinstalling 7.4.3 with previous removal of FortiClient with FortiClient-Remover-Tool, then it also works. But these adapters were coming with some previous version of FortiClient. We had issues with clients which only had 7.4.2 installed before. So maybe it was an issue when updating from 7.4.2 to 7.4.3?
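
Added example, not part of any post above and not Fortinet's own tooling: a read-only PowerShell check for the two symptoms discussed in this thread, an IPv4 default route bound to a Fortinet adapter while the tunnel is up and leftover Fortinet adapters whose description ends in "#2", "#3" and so on. It assumes the FortiClient virtual adapters carry "Fortinet" in their interface description; the function names are hypothetical.

```powershell
# Read-only: nothing is deleted or changed. Run on the Windows client while the tunnel is connected.
# Assumption: FortiClient's virtual adapters have "Fortinet" in InterfaceDescription.

function Get-FortinetAdapter {
    # -IncludeHidden also returns adapters that Device Manager hides by default
    Get-NetAdapter -IncludeHidden |
        Where-Object { $_.InterfaceDescription -like '*Fortinet*' } |
        Select-Object Name, InterfaceDescription, InterfaceIndex, Status,
            @{ Name = 'DuplicateSuffix'
               Expression = { $_.InterfaceDescription -match '#\d+\s*$' } }
}

function Get-DefaultRouteViaFortinet {
    # Same information as the 0.0.0.0 rows of "route print", limited to Fortinet adapters
    $ids = @(Get-FortinetAdapter | ForEach-Object { $_.InterfaceIndex })
    Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Where-Object { $ids -contains $_.InterfaceIndex } |
        Select-Object InterfaceAlias, InterfaceIndex, NextHop, RouteMetric
}

$adapters = @(Get-FortinetAdapter)
$routes   = @(Get-DefaultRouteViaFortinet)

$adapters | Format-Table -AutoSize

if ($routes.Count -gt 0) {
    Write-Warning 'IPv4 default route is bound to a Fortinet adapter: split tunnel is not in effect.'
    $routes | Format-Table -AutoSize
} else {
    Write-Output 'No IPv4 default route on a Fortinet adapter.'
}

$dupes = @($adapters | Where-Object { $_.DuplicateSuffix })
if ($dupes.Count -gt 0) {
    Write-Warning "Found $($dupes.Count) Fortinet adapter(s) with a '#N' suffix (leftovers from earlier installs)."
}
```

Running it before and after a clean reinstall, or after removing the "#N" adapters in Device Manager, shows whether the default route on the Fortinet interface is gone.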