Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CraigCCNZ
New Contributor II

Created on ‎06-25-2024 04:35 PM

How do I avoid using default gateway on the remote network in FortiClient VPN

We are currently in the process of switching over to the FortiClient VPN (v7.0.0.0029) from the DrayTek Smart VPN Client and I notice that all of my traffic is now being piped through the VPN, instead of just the traffic that requires it.

 

Our FortiClient is set up to use IPsec VPN.

 

The DrayTek VPN has a setting named Use default gateway on remote network and I always have this switched off.  I'm trying to find a similar setting in the FortiClient VPN.

 

Sorry.  I'm not overly familiar with all the network jargon, so please forgive me for that.  I see a bunch of settings under Advance Settings, but nothing that appears equivalent to the DrayTek setting.

 

Thank you in advance for any assistance provided.

Labels:
2894
0 Kudos
1 Solution
CraigCCNZ
New Contributor II

Created on ‎07-02-2024 06:23 PM

This was fixed in the backend by our system admin.  No change to the client was required.

View solution in original post

2672
0 Kudos
5 REPLIES 5
srajeswaran
Staff
Staff

Created on ‎06-25-2024 10:34 PM

You need split tunnelling, can you check the configuration suggested in below articles.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enable-split-tunnel-For-IPsec-VPN/ta-p/192...
https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiClient-Dialup-IPsec-VPN-Split-Tunnel...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
2838
CraigCCNZ
New Contributor II
In response to srajeswaran

Created on ‎06-27-2024 03:56 PM Edited on ‎06-27-2024 03:57 PM

Thank you for the info.  It sounds like it's not just a straightforward client setting.  Something needs to happen on the VPN host.  I've forwarded these links on to our system administrator.

2762
0 Kudos
hjezzapaula
Staff
Staff

Created on ‎06-25-2024 10:45 PM

Hi,

You may configure split-tunneling so remote clients access to internet will be forwarded to their local gateway.

config vpn ipsec phase1-interface
edit "<Dialup VPN Name>"
set ipv4-split-include "<Internal Network Address Name>"
end

Remote client will only use the tunnel for "Internal Network Address" destined traffic.
See: https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiClient-Dialup-IPsec-VPN-Split-Tunnel...

2832
CraigCCNZ
New Contributor II
In response to hjezzapaula

Created on ‎06-27-2024 03:56 PM Edited on ‎06-27-2024 03:57 PM

Thank you for the info.  It sounds like it's not just a straightforward client setting.  Something needs to happen on the VPN host.  I've forwarded this link on to our system administrator.

2761
0 Kudos
CraigCCNZ
New Contributor II

Created on ‎07-02-2024 06:23 PM

This was fixed in the backend by our system admin.  No change to the client was required.

2673
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.