ppatel
Staff
Article Id 198108

Description


This article shows the steps to enable the split tunneling feature and route only internal traffic via the tunnel.

 

First, configure the SSL-VPN tunnel portal on which split tunneling is to be enabled. Navigate to VPN > SSL-VPN Portals, enable 'Tunnel Mode', and select 'Enabled Based on Policy Destination'.

 


 

Then enable the SSL VPN: navigate to VPN > SSL VPN Settings, enable the SSL VPN, and specify the SSL VPN port in 'Listen on port'. Under 'Authentication/Portal Mapping', select the user/group and assign the portal configured above.

 


 

Then create a firewall policy that specifies 'Source' and 'Destination'.

In the 'Source' field, specify the user group and the SSL VPN address range configured in the SSL VPN settings.

In the 'Destination' field, specify the subnet that must be reachable when connected over SSL VPN.

 


 

This creates a route for the destination subnet, which is injected into the client PC once it is connected over SSL VPN.
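
The three GUI steps above, written as a FortiOS CLI configuration. This is an added example, not part of the original article. It assumes FortiOS 7.x syntax, the default `SSLVPN_TUNNEL_ADDR1` pool and `ssl.root` interface; the portal name, user group `vpn-users`, interfaces `wan1` and `internal`, port 10443 and subnet 10.10.10.0/24 are placeholders.

```fortios
# Step 1: portal with tunnel mode and split tunneling enabled.
# No split-tunneling-routing-address is set, so the routes come from the
# firewall policy destinations ('Enabled Based on Policy Destination').
config vpn ssl web portal
    edit "split-tunnel-portal"
        set tunnel-mode enable
        set split-tunneling enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end

# Step 2: enable SSL VPN, set the listening port, map the group to the portal.
config vpn ssl settings
    set status enable
    set source-interface "wan1"
    set port 10443
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    config authentication-rule
        edit 1
            set groups "vpn-users"
            set portal "split-tunnel-portal"
        next
    end
end

# Address object for the internal subnet (placeholder range).
config firewall address
    edit "LAN_internal"
        set subnet 10.10.10.0 255.255.255.0
    next
end

# Step 3: policy from the SSL VPN interface to the internal subnet.
# The destination is what gets pushed to the client as a route, so keep it
# limited to the subnets that VPN users actually need.
config firewall policy
    edit 0
        set name "sslvpn-to-internal"
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set groups "vpn-users"
        set dstaddr "LAN_internal"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

After a client connects, its routing table should show the 10.10.10.0/24 route via the SSL VPN adapter while the default route still points to the local gateway.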