FortiGate
kajlasunil
Staff
Article Id 390994
Description This article describes the reasons for an 'Invalid address selected' error when adding an address to the IPv4 split tunnel setting of a remote access IPsec tunnel.
Scope FortiGate v7.6.3.
Solution

In the VPN Wizard and Tunnel dialog, all remote access tunnels, such as the FortiClient tunnel, do not accept any address in the IPv4 split tunnel option, displaying the error 'Invalid address selected'.

 

This error appears only when the address object being added has an interface associated with it.

 


 

This is a GUI issue, and the following workarounds are available.

  • Create an address object for the same subnet without any interface association.

 

  • Select the existing address object via the CLI:

 

config vpn ipsec phase1-interface
    edit "IPSECDAILUP"
        set type dynamic
        set interface "VM"
        set peertype any
        set net-device disable
        set mode-cfg enable
        set proposal aes256-sha256
        set comments "VPN: IPSECDAILUP (Created by VPN wizard)"
        set dhgrp 5
        set xauthtype auto
        set authusrgrp "Test"
        set ipv4-start-ip 10.10.20.1
        set ipv4-end-ip 10.10.20.10
        set dns-mode auto
        set ipv4-split-include "internal"
        set save-password enable
        set psksecret ENC Cr9LmEFNGkUVFzBt1pIMiAcVFJXHLCQ/x5+PIYfqeB0dxIpNY7bBSfi5llmMjY3dkVA
    next
end
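
The first workaround can also be done from the CLI. The following is an added example, not part of the original article: the object name "internal_split" and the subnet 192.168.10.0/24 are placeholders, while "internal" and "IPSECDAILUP" are the names used in the configuration above. The lines starting with # are annotations and should be left out when pasting.

```fortios
# Constructed example: "internal_split" and 192.168.10.0/24 are placeholders.

# 1. Inspect the existing object. If the output contains a
#    "set associated-interface" line, the object is bound to an interface
#    and the GUI split tunnel field rejects it.
show firewall address "internal"

# 2. Create a second object for the same subnet and leave
#    associated-interface unset, so the object is not bound to any interface.
config firewall address
    edit "internal_split"
        set subnet 192.168.10.0 255.255.255.0
    next
end

# 3. Reference the new object from the dial-up tunnel. It can also be
#    selected in the GUI now that it has no interface association.
config vpn ipsec phase1-interface
    edit "IPSECDAILUP"
        set ipv4-split-include "internal_split"
    next
end
```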