Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
lkorbasiewicz_FTNT
Staff
Staff

Created on ‎02-23-2015 08:05 AM Edited on ‎12-30-2024 10:48 PM By Community Manager

Article Id 198757

Technical Tip: How routes are populated in FortiClient SSL VPN Tunnel Mode

Description

 

This article describes how routes are populated in FortiClient SSL VPN Tunnel Mode is useful in order to avoid configuration issues where some networks cannot be accessed due to missing routes.
 
Scope
 
FortiClient.


Solution

 

In v5.0 and earlier, routes are populated based on destinations included in the SSL VPN auth policy (with action SSL VPN) and are not based on tunnel access policies (with ssl.root interface).

[Protected networks] --- [FortiGate] --- <SSL VPN TUNNEL MODE> --- [FortiClient]

Add all accessed (protected) networks to auth policy as a destination; only these destinations will be populated to the SSL VPN client routing table when split-tunneling is enabled.

From v5.2 onwards where on the VPN -> SSL -> Portals page the 'Routing Address' can be explicitly defined as shown below:

image.png

 

22161
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.