Mehulp
New Member
August 11, 2023
Question

Split Tunnel


How to configure split tunnel to exclude only Microsoft Teams traffic? (There is no option to exclude an FQDN for a trusted destination.)

4 replies

Babitha_M
Staff
August 11, 2023

Hi Mehul,

Please note that the ISDB object will not support split tunneling. It is necessary to manually build an address group and include all of the Teams addresses.

Regards,
Babitha M

Mehulp (Author)
New Member
August 12, 2023

Is there any template to perform the same, because there are a lot of IP ranges for MS Teams?

funkylicious
SuperUser
August 12, 2023

These would be the ranges for TCP/80,443

13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15, 52.238.119.141/32, 52.244.160.207/32

"jack of all trades, master of none"
esalija
Staff
August 12, 2023
pavankr5
Staff
August 15, 2023

Hello @Mehulp,

+ Find the IP address ranges that Microsoft Teams uses for its traffic. Microsoft provides a list of IP addresses and ranges that their services use, including Teams.
+ Set up the basic split tunneling configuration on your FortiGate firewall to route general internet traffic through the VPN tunnel while allowing specific traffic to bypass it.
+ You'll need to create a custom routing table to handle the traffic you want to exclude from the VPN tunnel.
+ Assign the custom routing table to the IP address ranges associated with Microsoft Teams traffic.

Example of what the CLI configuration might look like:

config system dns-database
    edit "microsoft_teams"
        config ip-range
            edit 1
                set start-ip <start_ip>
                set end-ip <end_ip>
            next
        end
    next
end

config system route-table
    edit "teams_bypass"
        config rule
            edit 1
                set src 0.0.0.0 0.0.0.0
                set dst "microsoft_teams"
                set gateway <gateway_ip>
            next
        end
    next
end

Let us know if you have any queries.

Thanks,
Pavan
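
Added example, not part of any reply in this thread: a small generator for the manual address group Babitha_M describes, fed with the ranges funkylicious quoted. It emits `config firewall address` and `config firewall addrgrp` text; the group name, object-name prefix and the /8 breadth limit are assumptions made for this example, and the ranges are only as current as the post they come from.

```python
import ipaddress

# Ranges quoted in the thread for Teams over TCP/80,443 (August 2023 post).
TEAMS_RANGES = ["13.107.64.0/18", "52.112.0.0/14", "52.122.0.0/15",
                "52.238.119.141/32", "52.244.160.207/32"]

MIN_PREFIX = 8  # assumption: refuse anything broader than a /8 in a bypass list


def parse_ranges(cidrs, min_prefix=MIN_PREFIX):
    """Validate, de-duplicate and merge CIDRs destined for a tunnel-bypass list."""
    nets = []
    for text in cidrs:
        # strict=True rejects entries with host bits set, e.g. 52.112.0.1/14
        net = ipaddress.ip_network(text.strip(), strict=True)
        if net.version != 4:
            raise ValueError(f"IPv4 only in this example: {text}")
        if net.prefixlen < min_prefix:
            # A typo such as 0.0.0.0/0 would send all traffic around the tunnel
            raise ValueError(f"{text} is too broad for a bypass list")
        nets.append(net)
    # collapse_addresses drops duplicates and merges overlapping/adjacent ranges
    return list(ipaddress.collapse_addresses(nets))


def fortios_config(cidrs, group="MS-Teams-Bypass", prefix="teams"):
    """Return FortiOS CLI text: one address object per range plus one group.

    `group` and `prefix` are hypothetical names chosen for this example.
    """
    nets = parse_ranges(cidrs)
    names = [f"{prefix}-{n.network_address}_{n.prefixlen}" for n in nets]
    lines = ["config firewall address"]
    for name, net in zip(names, nets):
        lines += [f'    edit "{name}"',
                  f"        set subnet {net.network_address} {net.netmask}",
                  "    next"]
    lines += ["end", "config firewall addrgrp", f'    edit "{group}"',
              "        set member " + " ".join(f'"{n}"' for n in names),
              "    next", "end"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(fortios_config(TEAMS_RANGES))
```

Review the generated text before pasting it into the CLI, and regenerate it whenever the published ranges change, since stale entries either break Teams or leave unrelated destinations outside the tunnel.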