- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiClient in MacOs Sonoma - Split Tunneling
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiClient in MacOs Sonoma - Split Tunneling
Hello good.
I have installed Forticlient on my Mac.
I connect perfectly to my VPN, but it leaves me without connection to my calls or "local" resources.
I can't browse the internet on my network, or access my printer.
I need to make a route that allows only the calls I want to go out through the VPN.
How can I do split tunneling for Forticliente on MacOs Sonoma?
I know there is no configuration panel option and you have to do it using the terminal and commands.
Does anyone know how?
Thank you.
Labels:
- Labels:
-
FortiClient
-
VLAN
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Split-tunneling is generally configured from the FortiGate side of things, not on the end-client.
If you are the administrator of the FortiGate, you can follow this guide: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply.
I understand that then what the system does is go out through the VPN, but if it is configured as the link says, the call is "returned" to the local computer so that it directs it to its network, is that correct?
But, if we cannot manage the configuration on the server side, since it is a third-party service...
Can't I redirect my network traffic before it goes outside the VPN?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ajdelgado ,
From FortiClient perspective the decision is made based on the destination you are trying to reach, whether to route the traffic through the VPN tunnel or the local gateway.
You will need the help of the FortiGate administrator to achieve what you want.
Perhaps is easy to request a change to the Service Provider and they can help you further.
I am just thinking if it is possible to have another NIC installed on Mac(not sure if possible) which connects locally on another network.
Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
If you have found a solution, please like and accept it to make it easily accessible for others.
Created on 03-26-2024 12:13 PM Edited on 03-26-2024 12:14 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can try and add a route with the subnet of your local network, and have it be a better metric than the FortiClient default route. Everything that does not match the local network route will be sent over the tunnel.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you.
How do I set a redirect route?
We talk about MacOs, but that's it. a UNIX system.
If you can give me an example, my ip would be: 192.168.1.22, netmask: 255.255.255.0 and my gateway 192.168.1.1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this: " sudo route -n add -net 192.168.1.0/24 192.168.1.22"
To remove: "sudo route -n delete 192.168.1.0/24"
If this doesn't work, post the output of 'netstat -rn' before and after making this change
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It does not work.
My ip is 192.168.1.22 and the gateaway is 192.168.1.1
Is the configuration you have indicated correct?
When I activate the VPN through forticliente, I connect to the VPN but it does not browse "on the local network".
The IP I need to connect to with VPN is 192.168.5.50
If I use netstat -rn I see:
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGScg en7
default 192.168.1.1 UGScIg en0
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
169,254 link#13 UCS en7 !
169,254 link#6 UCSI en0 !
192.168.1 link#13 UCS en7 !
192.168.1 link#6 UCSI en0 !
192.168.1.1/32 link#13 UCS en7 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1194
192.168.1.1/32 link#6 UCSI en0 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1194
192.168.1.22/32 link#13 UCS en7 !
192.168.1.22 0:24:32:18:7c:1e UHLWI lo0
192.168.1.35 86:87:3e:f5:85:cb UHLWI en0 927
192.168.1.35 86:87:3e:f5:85:cb UHLWIi en7 1163
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en0 1041
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en7 1041
192.168.1.38 70:70:aa:f2:2f:1d UHLWI en0 1150
192.168.1.38 70:70:aa:f2:2f:1d UHLWI en7 1150
192.168.1.42/32 link#6 UCS en0 !
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 491
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 491
192.168.1.47 38:8b:59:8e:de:52 UHLWIi en0 1124
192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1170
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en0 1020
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1020
224.0.0/4 link#13 UmCS en7 !
224.0.0/4 link#6 UmCSI en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
224.0.0.251 1:0:5e:0:0:fb UHmLWI en7
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7
255.255.255.255/32 link#13 UCS en7 !
255.255.255.255/32 link#6 UCSI en0 !
And when I activate the VPN:
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGScg en7
default 192.168.1.1 UGScIg en0
default link#20 UCSIg utun5
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
169.254 link#13 UCS en7 !
169.254 link#6 UCSI en0 !
192.168.1 link#13 UCS en7 !
192.168.1 link#6 UCSI en0 !
192.168.1 192.168.1.1 UGScI utun5
192.168.1.1/32 link#13 UCS en7 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1199
192.168.1.1/32 link#6 UCSI en0 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1199
192.168.1.22/32 link#13 UCS en7 !
192.168.1.22 0:24:32:18:7c:1e UHLWIi lo0
192.168.1.35 86:87:3e:f5:85:cb UHLWI en0 1163
192.168.1.35 86:87:3e:f5:85:cb UHLWIi en7 1133
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en0 875
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en7 875
192.168.1.38 70:70:aa:f2:2f:1d UHLWI en0 1152
192.168.1.38 70:70:aa:f2:2f:1d UHLWIi en7 1087
192.168.1.42/32 link#6 UCS en0 !
192.168.1.42 a4:83:e7:d1:4f:da UHLWI lo0
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 325
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 325
192.168.1.47 38:8b:59:8e:de:52 UHLWI en0 1151
192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1149
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en0 1180
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1180
192.168.5.3/32 link#20 UCS utun5
192.168.5.3 link#20 UHWIi utun5
192.168.5.4/32 link#20 UCS utun5
192.168.5.5/32 link#20 UCS utun5
192.168.5.22/32 link#20 UCS utun5
192.168.5.23/32 link#20 UCS utun5
192.168.5.24/32 link#20 UCS utun5
192.168.5.25/32 link#20 UCS utun5
192.168.5.26/32 link#20 UCS utun5
192.168.5.29/32 link#20 UCS utun5
192.168.5.30/32 link#20 UCS utun5
192.168.5.31/32 link#20 UCS utun5
192.168.5.32/32 link#20 UCS utun5
192.168.5.33/32 link#20 UCS utun5
192.168.5.36/32 link#20 UCS utun5
192.168.5.43/32 link#20 UCS utun5
192.168.5.45/32 link#20 UCS utun5
192.168.5.50/32 link#20 UCS utun5
192.168.5.50 link#20 UHWIi utun5
192.168.50.1 192.168.50.1 UH utun5
224.0.0/4 link#13 UmCS en7 !
224.0.0/4 link#6 UmCSI en0 !
224.0.0/4 link#20 UmCSI utun5
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
224.0.0.251 1:0:5e:0:0:fb UHmLWI en7
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7
239.255.255.250 link#20 UHmW3I utun5 81
255.255.255.255/32 link#13 UCS en7 !
255.255.255.255/32 link#6 UCSI en0 !
255.255.255.255/32 link#20 UCSI utun5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see two routes toward 192.168.5.50 and both using "link#20" as default gateway
192.168.5.50/32 link#20 UCS utun5
192.168.5.50 link#20 UHWIi utun5
So i guess you need to delete them and add only one :
sudo route -n add -net 192.168.5.50/32 192.168.1.1
Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
If you have found a solution, please like and accept it to make it easily accessible for others.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you.
How do I delete routes?
sudo route -n delete 192.168.5.50 ??
Related Posts
Labels
-
FortiGate
6,528 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
59 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.