Technical Tip: How to check the injected routes in the windows clients by FortiGate via FortiClient

samandeep · ‎08-18-2024

Description

This article describes how to check injected routes in the windows clients through FortiGate via the FortiClient app.

Scope

FortiClient 7.x.x.

Solution

To check the injected routes in the Windows device, ensure that the FortiClient VPN is connected and then type 'route print' in the Windows command prompt (cmd).

Output:

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 172.168.1.1 172.168.1.2 25

10.0.0.0 255.0.0.0 192.168.25.30 192.168.25.29 1

10.9.0.0 255.255.0.0 192.168.25.30 192.168.25.29 1

10.2.0.0 255.255.0.0 192.168.25.30 192.168.25.29 1

10.43.0.0 255.255.0.0 192.168.25.30 192.168.25.29 1

127.0.0.0 255.0.0.0 On-link 127.0.0.1 331

When a client is set up with a split tunnel configuration, the default route will go through the physical NIC's gateway, while specific routes will be directed through the VPN assigned IP.

In the above scenario:

172.168.1.2: Windows NIC IP.
192.168.25.29: IP assigned by FortiClient app / VPN IP.

Note: If any routing subnet/address is added or removed in the VPN configuration on the FortiGate, reconnecting the FortiClient VPN is required to update the Windows routing table and make the changes effective.

Related articles:

Technical Tip: Extra route in Windows routing table when connecting to SSL VPN.

Technical Tip: How routes are populated in FortiClient SSL VPN Tunnel Mode.

Technical Tip: How to check the injected routes in the windows clients by FortiGate via FortiClient

You are leaving our website