FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
This article describes the behavior when FortiClient macOS does not add routes included in the split tunnel.
Scope
FortiClient MacOS v7.0.x, v7.2.x, and v7.4.x.
Solution
There are some scenarios where there are a large numbers of IP/subnets that needs to be added into the split tunnel configuration.
By design, FortiClient macOS uses a size of 4096-character array to store split IP/subnets. This translates to FortiClient MacOS can install a minimum of 128 subnets and a maximum of 256 subnets.
If there is a scenario where split tunnel configuration has more than 128 IP/subnets, it is recommended to summarize the subnets in the FortiGate configuration to guarantee the functionality of split tunneling.
