yanivg11
New Contributor II

FQDN through Split tunnel overrides the default route and blocks internet for MAC users

Hi All,

We have followed this article to set FQDN access using Split tunnel:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Access-to-Specific-FQDN-using-Split-Tunnel...

 

The users are able to access the FQDN through the split-tunnel as expected.

However, we noticed that MAC users are unable to browse the internet while connected with FortiClient.

 

While looking into this we noticed that both Windows users and MAC users get a new default route when connecting with FortiClient.

But while Windows users are still able to browse the internet, MAC users are not.

The first screenshot is from a Windows user with FortiClient connected; this user is still able to browse the internet despite the new default route:

Windows user.png

The second screenshot is from a MAC user, before and after FortiClient connected.

Once FortiClient is connected, this user is unable to browse the internet:

MAC user.jpg

 

Any advice? Thanks.

yanivg11
New Contributor II

Thank you AEK, will do.

hbac
Staff

Hi @yanivg11,

 

Can you show the firewall policy with FQDN configuration? What is the FortiGate and FortiClient version? 

 

Regards, 

yanivg11
New Contributor II

Hi hbac, thank you for your reply.

I can show my policy without the FQDN entries. I have checked them all, and all resolve to specific IP addresses:
policy.png

 

Forti version 7.2.3

FortiClient version 7.0.9.0493
