Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiClient in MacOs Sonoma - Split Tunneling
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiClient in MacOs Sonoma - Split Tunneling
Hello good.
I have installed Forticlient on my Mac.
I connect perfectly to my VPN, but it leaves me without connection to my calls or "local" resources.
I can't browse the internet on my network, or access my printer.
I need to make a route that allows only the calls I want to go out through the VPN.
How can I do split tunneling for Forticliente on MacOs Sonoma?
I know there is no configuration panel option and you have to do it using the terminal and commands.
Does anyone know how?
Thank you.
Labels:
- Labels:
-
FortiClient
-
vlan
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Split-tunneling is generally configured from the FortiGate side of things, not on the end-client.
If you are the administrator of the FortiGate, you can follow this guide: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
"Never trust a computer you can't throw out a window."
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply.
I understand that then what the system does is go out through the VPN, but if it is configured as the link says, the call is "returned" to the local computer so that it directs it to its network, is that correct?
But, if we cannot manage the configuration on the server side, since it is a third-party service...
Can't I redirect my network traffic before it goes outside the VPN?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ajdelgado ,
From FortiClient perspective the decision is made based on the destination you are trying to reach, whether to route the traffic through the VPN tunnel or the local gateway.
You will need the help of the FortiGate administrator to achieve what you want.
Perhaps is easy to request a change to the Service Provider and they can help you further.
I am just thinking if it is possible to have another NIC installed on Mac(not sure if possible) which connects locally on another network.
Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
If you have found a solution, please like and accept it to make it easily accessible for others.
Created on 03-26-2024 12:13 PM Edited on 03-26-2024 12:14 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can try and add a route with the subnet of your local network, and have it be a better metric than the FortiClient default route. Everything that does not match the local network route will be sent over the tunnel.
"Never trust a computer you can't throw out a window."
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you.
How do I set a redirect route?
We talk about MacOs, but that's it. a UNIX system.
If you can give me an example, my ip would be: 192.168.1.22, netmask: 255.255.255.0 and my gateway 192.168.1.1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this: " sudo route -n add -net 192.168.1.0/24 192.168.1.22"
To remove: "sudo route -n delete 192.168.1.0/24"
If this doesn't work, post the output of 'netstat -rn' before and after making this change
"Never trust a computer you can't throw out a window."
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It does not work.
My ip is 192.168.1.22 and the gateaway is 192.168.1.1
Is the configuration you have indicated correct?
When I activate the VPN through forticliente, I connect to the VPN but it does not browse "on the local network".
The IP I need to connect to with VPN is 192.168.5.50
If I use netstat -rn I see:
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGScg en7
default 192.168.1.1 UGScIg en0
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
169,254 link#13 UCS en7 !
169,254 link#6 UCSI en0 !
192.168.1 link#13 UCS en7 !
192.168.1 link#6 UCSI en0 !
192.168.1.1/32 link#13 UCS en7 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1194
192.168.1.1/32 link#6 UCSI en0 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1194
192.168.1.22/32 link#13 UCS en7 !
192.168.1.22 0:24:32:18:7c:1e UHLWI lo0
192.168.1.35 86:87:3e:f5:85:cb UHLWI en0 927
192.168.1.35 86:87:3e:f5:85:cb UHLWIi en7 1163
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en0 1041
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en7 1041
192.168.1.38 70:70:aa:f2:2f:1d UHLWI en0 1150
192.168.1.38 70:70:aa:f2:2f:1d UHLWI en7 1150
192.168.1.42/32 link#6 UCS en0 !
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 491
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 491
192.168.1.47 38:8b:59:8e:de:52 UHLWIi en0 1124
192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1170
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en0 1020
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1020
224.0.0/4 link#13 UmCS en7 !
224.0.0/4 link#6 UmCSI en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
224.0.0.251 1:0:5e:0:0:fb UHmLWI en7
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7
255.255.255.255/32 link#13 UCS en7 !
255.255.255.255/32 link#6 UCSI en0 !
And when I activate the VPN:
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGScg en7
default 192.168.1.1 UGScIg en0
default link#20 UCSIg utun5
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
169.254 link#13 UCS en7 !
169.254 link#6 UCSI en0 !
192.168.1 link#13 UCS en7 !
192.168.1 link#6 UCSI en0 !
192.168.1 192.168.1.1 UGScI utun5
192.168.1.1/32 link#13 UCS en7 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1199
192.168.1.1/32 link#6 UCSI en0 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1199
192.168.1.22/32 link#13 UCS en7 !
192.168.1.22 0:24:32:18:7c:1e UHLWIi lo0
192.168.1.35 86:87:3e:f5:85:cb UHLWI en0 1163
192.168.1.35 86:87:3e:f5:85:cb UHLWIi en7 1133
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en0 875
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en7 875
192.168.1.38 70:70:aa:f2:2f:1d UHLWI en0 1152
192.168.1.38 70:70:aa:f2:2f:1d UHLWIi en7 1087
192.168.1.42/32 link#6 UCS en0 !
192.168.1.42 a4:83:e7:d1:4f:da UHLWI lo0
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 325
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 325
192.168.1.47 38:8b:59:8e:de:52 UHLWI en0 1151
192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1149
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en0 1180
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1180
192.168.5.3/32 link#20 UCS utun5
192.168.5.3 link#20 UHWIi utun5
192.168.5.4/32 link#20 UCS utun5
192.168.5.5/32 link#20 UCS utun5
192.168.5.22/32 link#20 UCS utun5
192.168.5.23/32 link#20 UCS utun5
192.168.5.24/32 link#20 UCS utun5
192.168.5.25/32 link#20 UCS utun5
192.168.5.26/32 link#20 UCS utun5
192.168.5.29/32 link#20 UCS utun5
192.168.5.30/32 link#20 UCS utun5
192.168.5.31/32 link#20 UCS utun5
192.168.5.32/32 link#20 UCS utun5
192.168.5.33/32 link#20 UCS utun5
192.168.5.36/32 link#20 UCS utun5
192.168.5.43/32 link#20 UCS utun5
192.168.5.45/32 link#20 UCS utun5
192.168.5.50/32 link#20 UCS utun5
192.168.5.50 link#20 UHWIi utun5
192.168.50.1 192.168.50.1 UH utun5
224.0.0/4 link#13 UmCS en7 !
224.0.0/4 link#6 UmCSI en0 !
224.0.0/4 link#20 UmCSI utun5
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
224.0.0.251 1:0:5e:0:0:fb UHmLWI en7
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7
239.255.255.250 link#20 UHmW3I utun5 81
255.255.255.255/32 link#13 UCS en7 !
255.255.255.255/32 link#6 UCSI en0 !
255.255.255.255/32 link#20 UCSI utun5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see two routes toward 192.168.5.50 and both using "link#20" as default gateway
192.168.5.50/32 link#20 UCS utun5
192.168.5.50 link#20 UHWIi utun5
So i guess you need to delete them and add only one :
sudo route -n add -net 192.168.5.50/32 192.168.1.1
Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
If you have found a solution, please like and accept it to make it easily accessible for others.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you.
How do I delete routes?
sudo route -n delete 192.168.5.50 ??
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Forticlient 7.4.1.1697 on Ubuntu 22.04.5 failing... 574 Views
- SSL VPN is not doing split... 350 Views
- VPNSSL Split tunneling using internet services 382 Views
- token pop-up closes as soon as... 823 Views
- Impossible to connect VPN in MacOS... 343 Views
Labels
-
FortiGate
8,500 -
FortiClient
1,722 -
5.2
801 -
FortiManager
715 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
460 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
309 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
223 -
FortiWeb
200 -
5.0
196 -
IPsec
188 -
FortiNAC
180 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
53 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
40 -
DNS
40 -
BGP
39 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
27 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1662 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.