Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yanivg11
New Contributor II

FQDN through Split tunnel overrides the default route and block internet for MAC users

Hi All,

We have followed this article to set FQDN access using Split tunnel:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Access-to-Specific-FQDN-using-Split-Tunnel...

 

The users are able to access the FQDN thought the split-tunnel as expected.

However we noticed that MAC users are unable to browse internet while connected with FortiClient.

 

While looking into this we noticed that both Windows users and MAC users get a new default route when connecting with FortiClient.

But while Windows users are still able to browse the internet, MAC users are not.

First screenshot is from Windows user with FortiClient connected, this user is still able to browse the internet although the new default route:

Windows user.png

Second screenshot is from MAC user, before and after FortiClient connected,

Once the FortiClient is connected this user is unable to browse the internet:

MAC user.jpg

 

Any advice? tnx

12 REPLIES 12
yanivg11
New Contributor II

Thank you AEK, will do.

hbac
Staff
Staff

Hi @yanivg11,

 

Can you show the firewall policy with FQDN configuration? What is the FortiGate and FortiClient version? 

 

Regards, 

yanivg11
New Contributor II

Hi hbac, thank you for your reply.

I can show my policy without the FQDN entries, I have checked them all and all resolve to specific IP addresses:
policy.pngpolicy.png

 

Forti version 7.2.3

FortiClient version 7.0.9.0493

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors