SSL VPN - Split Tunneling
- February 25, 2020
Hi. I have a FortiGate 100F which I have configured for SSL-VPN in "Tunnel-Mode" (also configured a policy) > which is working. Now I would like to set up "Split Tunneling" > I have enabled it and set up the routing addresses. Now the issue is that I can only connect to the "MGMT-IP-Address" if I set the outgoing-interface to "any". I have attached a screenshot of the VPN policy. If it is configured like in the screenshot, then I'm able to connect to the "MGMT-IP-Address" for remote management over VPN. "Security Fabric" marks this as "failed".
But I can't select "MGMT" as interface in the policy rules; it is not appearing in the list of interfaces. If I add all available interfaces (except "any") to the "outgoing interface", then I'm not able to connect to the "MGMT-IP-Address" with VPN.
For the MGMT-IP-Address I have created a "firewall address", which I have added to the "routing addresses":
    config firewall address
        edit "VPN-MGMT"
            set uuid e79017f6-4b1f-51ea-b3bb-a7dd0f696a51
            set subnet 192.168.99.0 255.255.255.0
        next
    end
As explained, it is working with "outgoing interface = any" of the policy - but the "Security Fabric" marks "failed" and I can't set up this Interface/IP on the outgoing interface. Can I ignore the Security Fabric for this case? I suppose not, but now I'm wondering how I can connect to the "MGMT-IP-Address".