New Contributor II

FQDN through split tunnel overrides the default route and blocks internet for Mac users

Hi All,

We have followed this article to set FQDN access using Split tunnel:


The users are able to access the FQDN through the split tunnel as expected.

However, we noticed that Mac users are unable to browse the internet while connected with FortiClient.


While looking into this, we noticed that both Windows users and Mac users get a new default route when connecting with FortiClient.

But while Windows users are still able to browse the internet, Mac users are not.

The first screenshot is from a Windows user with FortiClient connected; this user is still able to browse the internet despite the new default route:

Windows user.png

The second screenshot is from a Mac user, before and after FortiClient is connected.

Once FortiClient is connected, this user is unable to browse the internet:

MAC user.jpg


Any advice? tnx

New Contributor II

Thank you AEK, will do.


Hi @yanivg11,


Can you show the firewall policy with FQDN configuration? What is the FortiGate and FortiClient version? 



New Contributor II

Hi hbac, thank you for your reply.

I can show my policy without the FQDN entries; I have checked them all and all resolve to specific IP addresses:


Forti version 7.2.3

FortiClient version

