I have a device providing a full PTP IPSEC tunnel back to the main office. The problem that we have run into is that access to Fortiguard seems to be broken with the full tunnel. Ideally we would like to tunnel everything EXCEPT Fortiguard traffic.
Does anyone have an easy way to do that?
I have tried rerouting or exempting specific IP addresses, but the Fortigate uses a pretty long list of servers to communicate with Fortiguard, and it doesn't seem like they all perform the same function. The more I specify FDN as a list of IPs, the more this solution feels like a hack that could break the minute Fortiguard makes FDN changes.
Network Engineer