Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Mrinmoy
Staff
Staff

Created on ‎09-24-2024 10:43 PM

Article Id 344007

Technical Tip: Convert SSL VPN Split tunnel to Full tunnel

Description This article explains how to convert an SSL VPN from split tunnel mode to Full tunnel mode.
Scope FortiGate v6.4 or later.
Solution
  1. Identify the portal which is under VPN ->SSL-VPN Settings

 

1. SSL VPn settings.JPG

 

  1. Modify the portal from 'Enabled Based on Policy Destination' to 'Disabled'. 

 

3. Portal settings.JPG

 

  1. For split tunnel, there is already a firewall policy configured to allow the traffic from the 'SSL VPN client' to the 'Internal/ LAN' Network.

 

5. SSL to Internal.JPG

 

  1. A full tunnel is also responsible for allowing the traffic from the 'SSL VPN client' to the 'Public' Network. Another policy is necessary to allow that traffic.

 

4. SSL to WAN.JPG

 

Verification:

In the case of a split tunnel, only one route (internal network) will be installed in the remote computer.

 

7. Route-table-Split-tunnel.JPG

 

The full tunnel will install a default route in a remote computer with a lower matric.

 

6. Route-table-Full-tunnel.JPG
371
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.