Troubleshooting Tip: Full tunnel and Split Tunnel ...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 307466

Description

This article describes how the route should appear on a Windows PC when using a Full tunnel or Split tunnel for SSL VPN or IPsec connection.

Scope

Windows PC, FortiClient v7.2.4.

Solution

SSL VPN or IPsec Full Tunnel:

When remote users are connected to the tunnel, both corporate network and internet network traffic will be forwarded through the tunnel.
A default route pointing to the tunnel interface will be installed on the Windows route table with a Metric of 1.

The above route table is part of the output of 'route print' from the CMD line

SSL VPN or IPsec Split Tunnel:

When remote users are connected to the tunnel, only the corporate network will be forwarded through the tunnel.
Traffic intended for the internet or external sites will be routed to the remote user's personal/home network.
A specific route going to the internal subnets will be installed on the Windows route table with a Metric of 1.

In the example above, the internal networks are 10.170.0.0/20 and 10.191.0.0/20

2475

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Troubleshooting Tip: Full tunnel and Split Tunnel endpoint route comparison

You are leaving our website