Created on 09-19-2019 05:05 AM
Edited on 10-26-2023 09:02 PM
By Anthony_E
Description
This article explains how to allow access to a specific site's FQDN using split tunnel SSLVPN.
An FQDN address is not supported in split tunnel.
Scope
FortiGate.
Solution
To achieve this requirement, follow the steps below:
Note:
The address Type should be FQDN.
Example FQDN: example.com.
Network Destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          10.201.3.146    10.201.3.153    6
8.8.8.8              255.255.255.255  10.212.134.201  10.212.134.200  1       <----- subnet that was added in the first policy
192.168.108.0        255.255.255.0    10.212.134.201  10.212.134.200  1       <----- subnet that was added in the second policy
192.168.112.0        255.255.255.0    10.212.134.201  10.212.134.200  1       <----- subnet that was added in the second policy
192.168.200.0        255.255.255.0    10.212.134.201  10.212.134.200  1       <----- subnet that was added in the second policy
10.201.0.0           255.255.240.0    On-link         10.201.3.153    261
10.201.15.255        255.255.255.255  On-link         10.201.3.153    261
10.212.134.200       255.255.255.255  On-link         10.212.134.200  257
93.184.216.34        255.255.255.255  10.212.134.201  10.212.134.200  1       <----- Prefix for FQDN
127.0.0.0            255.0.0.0        On-link         127.0.0.1       306
127.0.0.1            255.255.255.255  On-link         127.0.0.1       306
127.255.255.255      255.255.255.255  On-link         127.0.0.1       306
224.0.0.0            240.0.0.0        On-link         127.0.0.1       306
224.0.0.0            240.0.0.0        On-link         10.201.3.153    261
224.0.0.0            240.0.0.0        On-link         10.212.134.200  257
255.255.255.255      255.255.255.255  On-link         127.0.0.1       306
===========================================================================
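The routing table above shows the FQDN installed on the client as a single host route (93.184.216.34/32) through the tunnel interface. The following is an added example, not part of the original article or Fortinet's tooling: it parses rows in that layout and reports which addresses actually leave through the tunnel, so a client can be checked against the addresses the FQDN currently resolves to. The function names and the second address in the demo are assumptions; the sample rows are copied from the table above.

```python
import ipaddress

# Constructed sample: a subset of the IPv4 rows from the routing table above.
ROUTES = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.201.3.146 10.201.3.153 6
8.8.8.8 255.255.255.255 10.212.134.201 10.212.134.200 1
192.168.108.0 255.255.255.0 10.212.134.201 10.212.134.200 1
10.201.0.0 255.255.240.0 On-link 10.201.3.153 261
93.184.216.34 255.255.255.255 10.212.134.201 10.212.134.200 1 <----- Prefix for FQDN
"""
TUNNEL_IF = "10.212.134.200"  # SSL VPN adapter address, from the Interface column


def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples; skip non-route lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # separator or blank line
        dest, mask, gateway, iface, metric = parts[:5]  # trailing notes ignored
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, ipaddress.ip_address(iface), int(metric)))
        except ValueError:
            continue  # header row or other text
    return routes


def egress_interface(routes, ip):
    """Pick the route by longest prefix, then lowest metric; return its interface."""
    ip = ipaddress.ip_address(ip)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))[2]


def not_via_tunnel(routes, addresses, tunnel_if=TUNNEL_IF):
    """Addresses that would bypass the tunnel with the current table."""
    tunnel = ipaddress.ip_address(tunnel_if)
    return [a for a in addresses if egress_interface(routes, a) != tunnel]


if __name__ == "__main__":
    # 93.184.216.35 is a constructed second address, standing in for a changed DNS answer.
    print(not_via_tunnel(parse_routes(ROUTES), ["93.184.216.34", "93.184.216.35"]))
```

Any address it returns follows the default route on the local adapter instead of the tunnel, which is the case to look for when the FQDN resolves to an address other than the one in the installed host route.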