Forticlient ZTNA Adding default route on split remote tunnel

Adeel12 · ‎03-11-2025

Hi All,

I am facing an issue with my IPsec remote VPN split tunnel configuration on FortiGate. When a user connects using FortiClient-VPNonly addition client software, it works fine. However, when the user connects using the FortiClient-ZTNA edition, the default route (0.0.0.0/0) is added to the host machine, forcing all traffic through the VPN, even though split tunneling is configured.

Anyone has any idea?

AEK · ‎03-11-2025

Hi Adeel

Which FortiClient version?

AEK

Adeel12 · ‎03-11-2025

Its Updated Version v7.4.2.1737

AEK · ‎03-11-2025

Didn't find such issue in the known issues list.

I already configured split tunnel IPsec for FCT 7.4.0 (licensed edition) and it worked fine.

If you can't try FCT 7.4.0 or 7.4.1 (just to make sure) then I suggest to manually remove the injected gateway while you initiate a ticket with TAC for a sustainable solution.

AEK

Adeel12 · ‎03-11-2025

Fortigate Firewall Version is V7.2.8 Build 1639, and Forticlient-ZTNA edition version is v7.4.2.1737.
Thanks for your kind response. The issue is fixed for me by reinstalling the Forticlient. IDK what's the issue, but it fixed automatically.

Forticlient ZTNA Adding default route on split remote tunnel

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website