Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
itx86
New Contributor

Created on ‎02-18-2019 03:38 AM

FortiClient Default Gateway IPsec

Hello guys, I am facing the following challenge and can't get any further. I hope you can help me.

 

I want to connect a VPN between a virtual server (hosted Windows Server 2016) and a data center.

The virtual server has no VPN capability. With FortiClient I was able to establish the connection to the data center via IPSec,

but it takes the IP of the data center when it goes out to the Internet. What do I have to change or how do I get it that he keeps his IP? Or is there another way, I have a FortiGate 50E in the datacenter. Thank you very much for your help.

13236
0 Kudos
1 Solution
SteveG
Contributor III
In response to itx86

Created on ‎02-18-2019 03:13 PM

Thanks for the screenshot, it really helps. Under "Accessible Networks" enter the network range you want to access via the VPN, for example 10.0.0.0/8.

 

This doc provides an example config

 

https://kb.fortinet.com/kb/viewContent.do?externalId=FD36253

 

The part you need is 

    set ipv4-split-include "Internal_Network"     /* Local protected network that the remote dial-up IPsec clients reach */    

View solution in original post

8050
0 Kudos
5 REPLIES 5
SteveG
Contributor III

Created on ‎02-18-2019 08:01 AM

If I understand what you're asking you need to configure the VPN for Split Tunneling and specify the CIDR ranges you'd like to send via the FortiClient VPN.

7998
0 Kudos
itx86
New Contributor
In response to SteveG

Created on ‎02-18-2019 11:24 AM

Hi Steve, thank you so much for the answer. Yes, I checked that as a test, but nothing has changed. Where do I set the CIDR? What must I enter, can you please give me an example. Do I have to consider or change the configuration of IPv4 Policy or Forticlient App? (screenshot in the attachment)

Thanks for your help.

 

FG50eIpSec.JPG
Preview file
36 KB
7998
0 Kudos
SteveG
Contributor III
In response to itx86

Created on ‎02-18-2019 03:13 PM

Thanks for the screenshot, it really helps. Under "Accessible Networks" enter the network range you want to access via the VPN, for example 10.0.0.0/8.

 

This doc provides an example config

 

https://kb.fortinet.com/kb/viewContent.do?externalId=FD36253

 

The part you need is 

    set ipv4-split-include "Internal_Network"     /* Local protected network that the remote dial-up IPsec clients reach */    

8051
0 Kudos
itx86
New Contributor
In response to SteveG

Created on ‎02-19-2019 03:35 AM

Thank you, that was the solution. You saved my day, thank you Steve. :-))

7998
0 Kudos
SteveG
Contributor III
In response to itx86

Created on ‎02-19-2019 03:50 AM

Excellent :)

7998
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.