Description
This article describes how to enable/disable split tunnel for IPsec dial-up VPN.
Scope
FortiGate.
Solution
Enable this feature while configuring the VPN tunnel via the wizard.
IKE debug will contain the following error when using IP ranges:
mode-cfg ignoring range 0:10.0.1.240-10.0.1.254:0, only ip/subnet supported
Accessing FQDN via IPsec Split tunnel:
IPsec Split tunnel does not have a direct option to push FQDN networks to VPN users.
It only has an option to push network subnets.
To get access to an FQDN via the IPsec Split tunnel, the network IPs of the FQDN need to be manually added to the accessible network of the IPsec tunnel configuration.
Note: Changing the IPsec VPN configuration while users are connected will disconnect them, and they will need to reconnect.
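The following is an added example, not part of the original article or Fortinet's own tooling: it converts the IP range from the IKE debug message into the exact subnets that cover it, and turns already-resolved FQDN addresses into subnets, then renders both as firewall address objects. The object name prefixes and the resolved addresses are constructed sample values.

```python
import ipaddress

def range_to_subnets(first, last):
    """Split an inclusive IPv4 range into the exact CIDR blocks that cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def hosts_to_subnets(addresses):
    """Turn resolved host IPs into /32s and merge adjacent ones.

    collapse_addresses never widens the set: the result covers only the
    addresses passed in, so the split tunnel exposes nothing extra.
    """
    nets = (ipaddress.ip_network(a) for a in set(addresses))
    return list(ipaddress.collapse_addresses(nets))

def fortios_address_objects(prefix, subnets):
    """Render subnets as FortiOS firewall address objects (names are constructed)."""
    lines = ["config firewall address"]
    for i, net in enumerate(subnets, 1):
        lines += [f'    edit "{prefix}_{i}"',
                  f"        set subnet {net.network_address} {net.netmask}",
                  "    next"]
    lines.append("end")
    return "\n".join(lines)

if __name__ == "__main__":
    # The range rejected in the IKE debug message above.
    pool = range_to_subnets("10.0.1.240", "10.0.1.254")
    # Constructed sample: A records looked up beforehand for an internal FQDN.
    resolved = ["192.0.2.10", "192.0.2.11", "192.0.2.11", "203.0.113.7"]
    print(fortios_address_objects("split_range", pool))
    print(fortios_address_objects("split_fqdn", hosts_to_subnets(resolved)))
```

Because the FQDN addresses are added statically, the list has to be regenerated whenever the DNS records behind the FQDN change.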
Copyright 2024 Fortinet, Inc. All Rights Reserved.