BusinessUser
Contributor

Client is able to connect to SSL VPN but has no internet access

Meaning he gets the local IP address but he has no internet access.

What can be done to resolve this issue?

pmeet
Staff

This is probably because full tunnel is being used and not split tunneling.

Please refer to: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

PATELMM
hbac
Staff

Hi @BusinessUser,

 

Most likely, you have split tunneling disabled under SSL VPN portal which means all Internet traffic will go through the VPN and you don't have a firewall policy to allow traffic from ssl.root to the wan interface. You have two choices: 
1. Enable split tunneling as mentioned by pmeet: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

2. Create a firewall policy to allow traffic from ssl.root to wan interface. 

 

Regards,
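
The two choices from the answer above, written out as FortiOS CLI (an added example, not part of the original post or of Fortinet's article). The interface `wan1`, the group `sslvpn-users` and the address object `LAN_SUBNET` are assumed names, the portal is assumed to be the default `full-access` portal, and the `#` lines are annotations to leave out when pasting.

```text
# Choice 1: split tunneling. Only the listed subnet is routed through the
# tunnel; the client's internet traffic stays on its local connection.
# Policies for this portal must use specific destinations, not "all".
config vpn ssl web portal
    edit "full-access"
        set split-tunneling enable
        # LAN_SUBNET is an assumed address object for the internal network
        set split-tunneling-routing-address "LAN_SUBNET"
    next
end

# Choice 2: full tunnel. All client traffic enters the FortiGate on
# ssl.root, so a policy must allow it out of the WAN interface with NAT.
config vpn ssl web portal
    edit "full-access"
        set split-tunneling disable
    next
end
config firewall policy
    # "edit 0" creates the policy with the next free policy ID
    edit 0
        set name "sslvpn-to-internet"
        set srcintf "ssl.root"
        # wan1 is an assumed name for the internet-facing interface
        set dstintf "wan1"
        set action accept
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        # sslvpn-users is an assumed user group allowed to use the VPN
        set groups "sslvpn-users"
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```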

spoojary
Staff

Disable split tunnel and a firewall policy should solve your issue.

 

Firewall policy - ssl - wan

Siddhanth Poojary
mle2802
Staff

Hi there,

Can you please upload the SSL VPN settings for more information? Did you enable split tunnel or not? If yes, please make sure you have a policy from SSL to Internet. Please refer to this document for more information about split tunnel of SSL VPN: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

Regards,
Minh.

BusinessUser
Contributor

I am getting error message: could not enable split tunneling, as policy 5 has "all"

How do I know which is policy 5? 

I can deduce it but how do I know which is policy 5?

pbangari

Hi, 

If you want to see the policy ID in the GUI, you have to click the gear on the left side of the column header on the firewall policy page, select the policy ID field there and apply this. Then the GUI will show you the policy ID.

hbac

Hi @BusinessUser

 

Please refer to this article to find the policy id: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-find-policy-ID/ta-p/250799

 

Regards,

maulishshah

@BusinessUser , 

 

The concept of split tunnelling involves the ability to route specific traffic through the Firewall, which is why you mentioned specifying addresses in the SSLVPN portal. This is the reason you are unable to set "all" addresses in the policy.

 

To address this issue, you should disable split tunneling from the SSL VPN portal.

 

You can find a reference document on this topic here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

Maulish Shah
KaisonValentino
New Contributor

Ensure the DNS settings on the device are correct. Sometimes, incorrect DNS settings can prevent internet access. Set DNS to automatic or use a reliable DNS server like Google DNS (8.8.8.8 and 8.8.4.4).
