Skip to main content
comas17
comas17
New Member
November 22, 2014
Solved

[SSL VPN - Split Tunnel] Routing address configuration ?

  • November 22, 2014
  • 3 replies
  • 68908 views

Hi all I'm trying to configure SSL VPN connection on my new Fortigate 60D (formware 5.2.1) and I want to enable split tunnel SSl VPN is already working (using Forticlient) but users cannot browse internet when connected to the office I select VPN - SSL - Portals - double click on "tunnel-access"; if I check "Enable split tunneling" I need to insert a "routing address" What to I need to insert ? I read some docs (for example : http://docs.fortinet.com/...1/fortigate-sslvpn.pdf but there is no detail about "routing address"...) I have already created the  "static route" with device "ssl.root" and the firewall policy (ssl.root to wan1) but it still does not work so I suppose I need to enable the "split tunneling" Thank you

Corrado

    Best answer by Carl_Wallmark

    Then you should use "split tunneling".

     

    The routed address is the network your corporate is using (or multiple).

     

    For example, my work uses 10.46.0.0/20

    Then the routed network should be 10.46.0.0/20.

    This will tell the SSLVPN client that any traffic to this network should go through the tunnel, all other traffic should go directly and NOT through the tunnel.

    3 replies

    Dipen
    Dipen
    New Member
    November 23, 2014

    Enable Split Tunnel - When a user connects to VPN the normal Internet traffic is "NOT" routed over VPN Tunnel to corporate Network.

    Disable Split Tunnel - When a user connects to VPN the normal Internet traffic "is also" routed over VPN Tunnel to corporate Network.

     

    So Dude whats your requirement?

    comas17
    comas17Author
    New Member
    November 24, 2014

    Hi Dipen

    thank you

    I want than when a user connects to VPN the normal Internet traffic is "NOT" routed over VPN Tunnel to corporate Network.

    When I check "Enable split tunneling" it asks for a "routing address" and I don't know which address is necessary to insert. I did not find any help on this on the documentation. Is it a new feature of firmware 5.2.1 ?

    Thank you

    Carl_Wallmark
    Carl_WallmarkAnswer
    New Member
    November 24, 2014

    Then you should use "split tunneling".

     

    The routed address is the network your corporate is using (or multiple).

     

    For example, my work uses 10.46.0.0/20

    Then the routed network should be 10.46.0.0/20.

    This will tell the SSLVPN client that any traffic to this network should go through the tunnel, all other traffic should go directly and NOT through the tunnel.

    Mahmoud_Reda
    Mahmoud_Reda
    New Member
    April 7, 2020

    it is a very old post but still helpful . Thank you :ThumbsUp:

    Terms & ConditionsAccessibility statement