Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jera
Staff
Staff

Created on ‎04-01-2024 03:38 AM Edited on ‎11-24-2025 06:39 AM By Community Manager

Article Id 307466

Troubleshooting Tip: Full tunnel and split tunnel endpoint route comparison

Description This article describes how the route should appear on a Windows PC when using a full tunnel or split tunnel for SSL VPN or IPsec connection.
Scope Windows PC, FortiClient v7.2.4.
Solution

To verify the route on the client machine, run the command 'route print' in the command line if the client is a Windows device.

 

SSL VPN or IPsec full tunnel:

  • When remote users are connected to the tunnel, both corporate network and internet network traffic will be forwarded through the tunnel.  
  • A default route pointing to the tunnel interface will be installed on the Windows route table with a Metric of 1. 

 

The above route table is part of the output of 'route print' from the CMD lineThe above route table is part of the output of 'route print' from the CMD line

 

SSL VPN or IPsec split tunnel:

  • When remote users are connected to the tunnel, only the corporate network will be forwarded through the tunnel.
  • Traffic intended for the internet or external sites will be routed to the remote user's personal/home network.
  • A specific route going to the internal subnets will be installed on the Windows route table with a Metric of 1.

 

In the example above, the internal networks are 10.170.0.0/20 and 10.191.0.0/20In the example above, the internal networks are 10.170.0.0/20 and 10.191.0.0/20

 

Related articles:

Technical Tip: Verify SSL VPN Split Tunnel Route on Windows and Linux
2895
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.