Created on 09-03-2019 02:30 AM Edited on 04-23-2024 02:01 AM By Anthony_E
Description
This article describes how to enable SSL VPN Full Tunnel.
When an SSL VPN user connects to FortiGate with a full-tunnel VPN profile, a default route is injected into the user's machine. However, the laptop's directly connected local segment (on-link) remains accessible.
Example: the laptop at 192.168.86.202 can still access 192.168.86.205:
Local segment: 192.168.86.x
Laptop: 192.168.86.202
On-link resource: 192.168.86.205
Scope
FortiGate.
Solution
To prevent SSL VPN users from accessing the “on link” resource, configure “exclusive-routing enable”:
config vpn ssl web portal
    edit full-access <------------- The respective SSL VPN portal
        set exclusive-routing enable <------------- Enable
    next
end
Note:
This feature is not compatible with application-based split tunnels (configurable for FortiClient VPN profiles in EMS). Application-based split tunneling takes precedence and disables exclusive-routing.
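To find portals that still need this setting, the following added example (not part of the original article and not Fortinet tooling) parses a configuration backup and lists full-tunnel portals where exclusive-routing is not enabled. Assumptions: a full-tunnel portal is identified by `set split-tunneling disable`, a setting absent from the backup is treated as not enabled, the function names are hypothetical, and the sample backup is constructed.

```python
import shlex

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_BACKUP = '''config vpn ssl web portal
    edit "full-access"
        set split-tunneling disable
        set exclusive-routing enable
        config bookmark-group
            edit "gui-bookmarks"
            next
        end
    next
    edit "contractors"
        set split-tunneling disable
    next
    edit "split-users"
        set split-tunneling enable
    next
end
'''

def parse_portals(text):
    """Return {portal name: {setting: value}} for 'config vpn ssl web portal'."""
    portals, current, depth, inside = {}, None, 0, False
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:  # unbalanced quote from a multi-line value elsewhere
            tok = raw.split()
        head = tok[0] if tok else ""
        if not inside:
            inside = tok == ["config", "vpn", "ssl", "web", "portal"]
        elif head == "config":
            depth += 1  # nested table (e.g. bookmark-group): skip its entries
        elif head == "end":
            if depth == 0:
                break  # end of the portal table
            depth -= 1
        elif depth == 0 and head == "edit" and len(tok) > 1:
            current = portals.setdefault(tok[1], {})
        elif depth == 0 and head == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:])
    return portals

def full_tunnel_without_exclusive_routing(text):
    # Assumed: full tunnel means split-tunneling disable; absent settings are off.
    return [name for name, s in parse_portals(text).items()
            if s.get("split-tunneling") == "disable"
            and s.get("exclusive-routing") != "enable"]
```

Calling `full_tunnel_without_exclusive_routing()` on the text of a backup returns the portal names to review; on the constructed sample it returns only `contractors`.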