Hello good.
I have installed Forticlient on my Mac.
I connect perfectly to my VPN, but it leaves me without connection to my calls or "local" resources.
I can't browse the internet on my network, or access my printer.
I need to make a route that allows only the calls I want to go out through the VPN.
How can I do split tunneling for Forticliente on MacOs Sonoma?
I know there is no configuration panel option and you have to do it using the terminal and commands.
Does anyone know how?
Thank you.
Split-tunneling is generally configured from the FortiGate side of things, not on the end-client.
If you are the administrator of the FortiGate, you can follow this guide: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Thanks for the reply.
I understand that then what the system does is go out through the VPN, but if it is configured as the link says, the call is "returned" to the local computer so that it directs it to its network, is that correct?
But, if we cannot manage the configuration on the server side, since it is a third-party service...
Can't I redirect my network traffic before it goes outside the VPN?
Hi @ajdelgado ,
From FortiClient perspective the decision is made based on the destination you are trying to reach, whether to route the traffic through the VPN tunnel or the local gateway.
You will need the help of the FortiGate administrator to achieve what you want.
Perhaps is easy to request a change to the Service Provider and they can help you further.
I am just thinking if it is possible to have another NIC installed on Mac(not sure if possible) which connects locally on another network.
Created on 03-26-2024 12:13 PM Edited on 03-26-2024 12:14 PM
You can try and add a route with the subnet of your local network, and have it be a better metric than the FortiClient default route. Everything that does not match the local network route will be sent over the tunnel.
Thank you.
How do I set a redirect route?
We talk about MacOs, but that's it. a UNIX system.
If you can give me an example, my ip would be: 192.168.1.22, netmask: 255.255.255.0 and my gateway 192.168.1.1
Try this: " sudo route -n add -net 192.168.1.0/24 192.168.1.22"
To remove: "sudo route -n delete 192.168.1.0/24"
If this doesn't work, post the output of 'netstat -rn' before and after making this change
It does not work.
My ip is 192.168.1.22 and the gateaway is 192.168.1.1
Is the configuration you have indicated correct?
When I activate the VPN through forticliente, I connect to the VPN but it does not browse "on the local network".
The IP I need to connect to with VPN is 192.168.5.50
If I use netstat -rn I see:
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGScg en7
default 192.168.1.1 UGScIg en0
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
169,254 link#13 UCS en7 !
169,254 link#6 UCSI en0 !
192.168.1 link#13 UCS en7 !
192.168.1 link#6 UCSI en0 !
192.168.1.1/32 link#13 UCS en7 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1194
192.168.1.1/32 link#6 UCSI en0 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1194
192.168.1.22/32 link#13 UCS en7 !
192.168.1.22 0:24:32:18:7c:1e UHLWI lo0
192.168.1.35 86:87:3e:f5:85:cb UHLWI en0 927
192.168.1.35 86:87:3e:f5:85:cb UHLWIi en7 1163
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en0 1041
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en7 1041
192.168.1.38 70:70:aa:f2:2f:1d UHLWI en0 1150
192.168.1.38 70:70:aa:f2:2f:1d UHLWI en7 1150
192.168.1.42/32 link#6 UCS en0 !
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 491
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 491
192.168.1.47 38:8b:59:8e:de:52 UHLWIi en0 1124
192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1170
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en0 1020
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1020
224.0.0/4 link#13 UmCS en7 !
224.0.0/4 link#6 UmCSI en0 !
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
224.0.0.251 1:0:5e:0:0:fb UHmLWI en7
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7
255.255.255.255/32 link#13 UCS en7 !
255.255.255.255/32 link#6 UCSI en0 !
And when I activate the VPN:
Internet:
Destination Gateway Flags Netif Expire
default 192.168.1.1 UGScg en7
default 192.168.1.1 UGScIg en0
default link#20 UCSIg utun5
127 127.0.0.1 UCS lo0
127.0.0.1 127.0.0.1 UH lo0
169.254 link#13 UCS en7 !
169.254 link#6 UCSI en0 !
192.168.1 link#13 UCS en7 !
192.168.1 link#6 UCSI en0 !
192.168.1 192.168.1.1 UGScI utun5
192.168.1.1/32 link#13 UCS en7 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en0 1199
192.168.1.1/32 link#6 UCSI en0 !
192.168.1.1 2c:ea:dc:4d:cb:0 UHLWIir en7 1199
192.168.1.22/32 link#13 UCS en7 !
192.168.1.22 0:24:32:18:7c:1e UHLWIi lo0
192.168.1.35 86:87:3e:f5:85:cb UHLWI en0 1163
192.168.1.35 86:87:3e:f5:85:cb UHLWIi en7 1133
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en0 875
192.168.1.36 a4:55:90:b7:c1:10 UHLWI en7 875
192.168.1.38 70:70:aa:f2:2f:1d UHLWI en0 1152
192.168.1.38 70:70:aa:f2:2f:1d UHLWIi en7 1087
192.168.1.42/32 link#6 UCS en0 !
192.168.1.42 a4:83:e7:d1:4f:da UHLWI lo0
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en0 325
192.168.1.43 1e:df:d7:85:ba:94 UHLWI en7 325
192.168.1.47 38:8b:59:8e:de:52 UHLWI en0 1151
192.168.1.47 38:8b:59:8e:de:52 UHLWIi en7 1149
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en0 1180
192.168.1.48 b6:cc:37:87:8e:c3 UHLWI en7 1180
192.168.5.3/32 link#20 UCS utun5
192.168.5.3 link#20 UHWIi utun5
192.168.5.4/32 link#20 UCS utun5
192.168.5.5/32 link#20 UCS utun5
192.168.5.22/32 link#20 UCS utun5
192.168.5.23/32 link#20 UCS utun5
192.168.5.24/32 link#20 UCS utun5
192.168.5.25/32 link#20 UCS utun5
192.168.5.26/32 link#20 UCS utun5
192.168.5.29/32 link#20 UCS utun5
192.168.5.30/32 link#20 UCS utun5
192.168.5.31/32 link#20 UCS utun5
192.168.5.32/32 link#20 UCS utun5
192.168.5.33/32 link#20 UCS utun5
192.168.5.36/32 link#20 UCS utun5
192.168.5.43/32 link#20 UCS utun5
192.168.5.45/32 link#20 UCS utun5
192.168.5.50/32 link#20 UCS utun5
192.168.5.50 link#20 UHWIi utun5
192.168.50.1 192.168.50.1 UH utun5
224.0.0/4 link#13 UmCS en7 !
224.0.0/4 link#6 UmCSI en0 !
224.0.0/4 link#20 UmCSI utun5
224.0.0.251 1:0:5e:0:0:fb UHmLWI en0
224.0.0.251 1:0:5e:0:0:fb UHmLWI en7
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI en7
239.255.255.250 link#20 UHmW3I utun5 81
255.255.255.255/32 link#13 UCS en7 !
255.255.255.255/32 link#6 UCSI en0 !
255.255.255.255/32 link#20 UCSI utun5
I see two routes toward 192.168.5.50 and both using "link#20" as default gateway
192.168.5.50/32 link#20 UCS utun5
192.168.5.50 link#20 UHWIi utun5
So i guess you need to delete them and add only one :
sudo route -n add -net 192.168.5.50/32 192.168.1.1
Thank you.
How do I delete routes?
sudo route -n delete 192.168.5.50 ??
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.