Iosu
New Contributor

FortiClient IPsec VPN blocks Internet access

Hi, I successfully configured the VPN between a remote user and my office. The user can access the folders and resources from the office remotely, but the FortiClient VPN blocks access to the Internet. The user can't access the Internet while he is connected through the VPN. What can I do to connect with FortiClient and browse the Internet at the same time? I read something about changing the default gateway in the advanced TCP/IP settings of the Windows FortiClient network adapter, but I don't have that option on the network adapter that Windows creates for FortiClient. Any advice? Thank you in advance. I use FortiClient 4.3.5, only the FortiClient IPsec module. Regards
ArcticWolf
New Contributor

Under the advanced tab on the client you have a window for remote networks. If you have 0.0.0.0 0.0.0.0 in here, it will force all traffic to go across the tunnel, even Internet traffic. If you remove that and just put in the remote networks that you want to traverse the tunnel, you will be able to browse the Internet directly without going through the tunnel and through the head office firewall.
Ver 4.0 1-FG300A-hd 1-FG310B 4-FG60 6-FG60B Ver 3.0 1-FAZ800 1-FortiManager400B Ver 4.12 50-Forticlient 50-Forticlient Mobile
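Added example, not part of the post above or of any Fortinet tooling: a small Python model of the remote-network list described there, showing which destinations match the tunnel with the `0.0.0.0 0.0.0.0` entry versus a specific office network. The office network `192.168.1.0 255.255.255.0` and the sample destinations are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread):
OFFICE_LAN = "192.168.1.0 255.255.255.0"   # hypothetical head-office network
FULL_TUNNEL = "0.0.0.0 0.0.0.0"            # the catch-all entry described above


def parse_remote_networks(entries):
    """Parse 'address netmask' pairs as they are typed in a remote-network list."""
    networks = []
    for entry in entries:
        address, netmask = entry.split()
        networks.append(ipaddress.ip_network(f"{address}/{netmask}", strict=False))
    return networks


def path_for(destination, remote_networks):
    """Return 'tunnel' when the destination matches a remote network, else 'direct'."""
    ip = ipaddress.ip_address(destination)
    return "tunnel" if any(ip in net for net in remote_networks) else "direct"


def forces_full_tunnel(remote_networks):
    """True when any entry is a /0, which matches every IPv4 destination."""
    return any(net.prefixlen == 0 for net in remote_networks)


def compare(destinations, configs):
    """Map each config name to {destination: path} for a side-by-side view."""
    result = {}
    for name, entries in configs.items():
        nets = parse_remote_networks(entries)
        result[name] = {d: path_for(d, nets) for d in destinations}
    return result


if __name__ == "__main__":
    dests = ["192.168.1.20", "203.0.113.10"]  # constructed: office host, Internet host
    table = compare(dests, {"full": [FULL_TUNNEL], "split": [OFFICE_LAN]})
    for name, paths in table.items():
        print(name, paths)
```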
Rick_H
New Contributor III

Make sure you have a policy that allows traffic from the FortiClient's virtual interface to your outside interface.
Chris_Lin_FTNT

Another option is to configure split-tunnel on your FortiGate, so that only traffic going to your office network gets into the VPN tunnel. You can find out how to configure split-tunnel from the FortiOS manual.
Rick_H

Keep in mind that split-tunneling is a potential security hole. It allows the host utilizing split tunneling to be used as a proxy from the internet to the inside of a network. Using that vector for attack requires a lot of foreknowledge by the attacker, but the potential does exist.
Iosu
New Contributor

Thank you for your advice. I tried to update the firewall rule to allow everything for now, only to check if that was the problem. I checked two rule options: 1. All the VPN_USER_IP_RANGE --> to --> Internal network -- Allow any service. 2. All the VPN_USER_IP_RANGE --> to --> Wan1 connection -- Allow any service. I had the same problem. On the other hand, I tried to update the client configuration. I had a DHCP service for VPN clients and it works well. The clients receive valid IP addresses, but no gateway address or DNS. I configured the gateway and the DNS manually on the FortiClient virtual adapter, but I still can't browse while the VPN is up. I am not an expert user at managing FortiClient, so thank you in advance for any advice.