Fortigate SSL VPN Gateway IP on Forticlient PC

yeagerrw · ‎03-05-2020

Hello on the forum!

We have a configuration need where the SSL VPN tunnel mode user gets assigned a single static IP assigned via the portal when they sign in, and this IP must be the same with every login. The appropriate IPs assign correctly among the different users logging in, but I noticed with split tunneling turned off, the VPN assigns a gateway on the Forticlient PC incremented +1 from their fourth octet on the IP.

For example: user gets assigned 192.168.1.1, and the gateway on the Forticlient PC = 192.168.1.2 and so forth (IPs used are just examples).

I've noticed that turning on split tunneling eliminates this gateway, but we don't want these clients to have internet access.

In the Addresses assigned through the VPN portals, I've tried assigning: a subnet = 192.168.1.1/32, and an IP range = 192.168.1.1 - 192.168.1.1 with no prevail. I've even tried configuring ippools with no prevail.

I do have a static route in the firewall SSL interface pointing to our router.

Any insight on getting rid of this virtual gateway would be appreciated!

Thank you.

arotek · ‎03-02-2025

We have the same problem, just with IPsec instead. However we get the std. GW = assigned IP +1 with Split Tunneling turned ON.

Did you ever find a solution?

pminarik · ‎03-03-2025

This is automatic, and not configurable. It is also worth pointing out that this is a point-to-point L3 link, so the gateway is essentially meaningless.

Is it actually causing any functional issues (if yes, let's discuss those), or is this only a cosmetic question?

[ corrections always welcome ]

Fortigate SSL VPN Gateway IP on Forticlient PC

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website