FortiGate
carabhavi
Staff
Article Id 198692

Description

 

This article describes how to disable the 'Split-Tunnel' feature and create an IPv4 policy for WAN access.

 

Scope

 

FortiGate.

Solution


Disabling the 'Split-Tunnel' option for SSL VPN or IPSec Dialup.

 

For SSL VPN refer to the following:


Go to VPN -> SSL VPN Portals -> Edit SSL VPN Portal and under 'Tunnel Mode' disable 'Enable Split Tunneling'.

 
Once the split tunnel option is disabled, all user Internet traffic will reach FortiGate, and a VPN interface to WAN policy is needed.
 
 
The incoming interface will be the SSL VPN interface and the outgoing interface will be the WAN interface. In the above example, port1 is the WAN interface.
 

For IPSec Dialup refer to the following:

 

Go to VPN -> IPSec Tunnels and under Network, the option for IPv4 Split Tunnel must be disabled.


 

Once the IPv4 split tunnel is disabled, a firewall policy from the IPsec dial-up interface to the WAN interface is needed.

 


Note:

Making changes to the IPsec VPN while a user is connected will disconnect that user, who will then need to reconnect.
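
The same changes expressed in the FortiOS CLI, as an added example that is not part of the original article. The portal name "full-access", the phase1 name "dialup-vpn", the user group "vpn-users", the policy names and the use of source NAT are assumptions. port1 is the WAN interface as in the article, ssl.root is the SSL VPN interface of the root VDOM, and the IPsec tunnel is assumed to use mode-cfg.

```fortios
# SSL VPN: keep tunnel mode on and turn split tunneling off on the portal.
# "full-access" is an assumed portal name; use the portal assigned to the users.
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling disable
    next
end

# IPsec dial-up: clear the IPv4 split-include list so all traffic enters the tunnel.
# "dialup-vpn" is a hypothetical phase1 name. Saving this disconnects active users.
config vpn ipsec phase1-interface
    edit "dialup-vpn"
        unset ipv4-split-include
    next
end

# Policies from each VPN interface to the WAN interface (port1).
# "edit 0" lets FortiOS pick the next free policy ID.
# NAT is enabled on the assumption that VPN clients use private addresses.
config firewall policy
    edit 0
        set name "sslvpn-to-wan"
        set srcintf "ssl.root"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set groups "vpn-users"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 0
        set name "dialup-to-wan"
        set srcintf "dialup-vpn"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Because these policies carry all user Internet traffic, they are where logging and any security profiles for remote users would be applied.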