HS08
Visitor III
March 2, 2026
Solved

VPN IPsec Remote Access Split Tunnel

  • March 2, 2026
  • 3 replies
  • 354 views

When we use IPsec for remote access with split tunnel enabled, can we make the FortiGate not set DNS on the client?
Now, when FortiClient is connected to the VPN, the client can't access the local domain.

Best answer by Toshi_Esumi
3 replies

funkylicious
SuperUser
March 2, 2026

most likely the option Use system DNS was enabled in the IPsec config, which means it will push the DNS servers from the FortiGate to the client.

just disable it, or set it to manual in CLI and then set the correct DNS servers - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-multiple-DNS-server-for-IPsec-dial-up-VPN/ta-p/198129

"jack of all trades, master of none"
AEK
SuperUser
March 2, 2026

Yes you disable pushing DNS because split tunnel is different than split DNS.

AEK
Toshi_Esumi
SuperUser
March 2, 2026

More specifically, try below:
config vpn ipsec phase1-interface
    edit <dup_ipsec_name>
        unset ipv4-dns-server1
        unset ipv4-dns-server2
    next
end

while you still have:
        set dns-mode manual


Toshi
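As an added example (not part of this thread and not Fortinet's code), the script below parses the output of `show vpn ipsec phase1-interface` and flags every dial-up tunnel that will still push DNS servers to FortiClient: either `dns-mode auto` (the "Use system DNS" setting funkylicious mentions) or `dns-mode manual` with `ipv4-dns-server1/2/3` still set. For each flagged tunnel it also prints the `unset` remediation from Toshi's reply. The sample configuration is constructed; the tunnel names, `mode-cfg`, `ipv4-split-include` and `ipv4-dns-server3` lines are assumptions about what a real device would print and not taken from the thread.

```python
"""Audit FortiOS phase1-interface output for DNS settings pushed to dial-up clients."""
import re

# Constructed sample (not real device output). Only dns-mode manual and
# ipv4-dns-server1/2 come from the thread; the rest are assumed FortiOS options.
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "RA-split"
        set type dynamic
        set mode-cfg enable
        set dns-mode auto
        set ipv4-split-include "LAN-subnets"
    next
    edit "RA-manual"
        set type dynamic
        set mode-cfg enable
        set dns-mode manual
        set ipv4-dns-server1 10.0.0.53
        set ipv4-dns-server2 10.0.0.54
    next
    edit "RA-clean"
        set type dynamic
        set mode-cfg enable
        set dns-mode manual
        unset ipv4-dns-server1
    next
end
"""

DNS_SERVER_KEYS = ("ipv4-dns-server1", "ipv4-dns-server2", "ipv4-dns-server3")


def parse_phase1(text):
    """Return {tunnel_name: {option: value}} from config/edit/set/unset/next/end text."""
    tunnels = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+?)"?$', line)
        if m:
            current = m.group(1)
            tunnels[current] = {}
            continue
        if line == "next":
            current = None
            continue
        if current is None:
            continue
        m = re.match(r"set\s+(\S+)\s+(.+)$", line)
        if m:
            tunnels[current][m.group(1)] = m.group(2).strip('"')
            continue
        m = re.match(r"unset\s+(\S+)$", line)
        if m:
            # 'unset' reverts to the default, which 'show' does not print.
            tunnels[current].pop(m.group(1), None)
    return tunnels


def dns_push_findings(tunnels):
    """List (tunnel, reason) for each tunnel that pushes DNS servers to the client."""
    findings = []
    for name, opts in tunnels.items():
        mode = opts.get("dns-mode")
        servers = [opts[k] for k in DNS_SERVER_KEYS if k in opts]
        if mode == "auto":
            findings.append((name, "dns-mode auto: FortiGate system DNS is pushed to the client"))
        elif servers:
            findings.append((name, "manual DNS pushed: " + ", ".join(servers)))
    return findings


def remediation_cli(name):
    """Render the CLI from the thread that stops pushing DNS while keeping dns-mode manual."""
    return (
        "config vpn ipsec phase1-interface\n"
        f'    edit "{name}"\n'
        "        set dns-mode manual\n"
        "        unset ipv4-dns-server1\n"
        "        unset ipv4-dns-server2\n"
        "    next\n"
        "end"
    )


if __name__ == "__main__":
    for tunnel, reason in dns_push_findings(parse_phase1(SAMPLE_CONFIG)):
        print(f"[{tunnel}] {reason}")
        print(remediation_cli(tunnel))
```

Run it against a saved `show vpn ipsec phase1-interface` dump by replacing `SAMPLE_CONFIG` with the file contents; a tunnel that should keep split tunnel but leave client DNS alone must not appear in the findings.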