New Contributor

How to route specific IP to specific protocol on VPN Tunnel


I need to route a whole subnet to a specific IP address via VPN tunnel.

As an example, I have subnet of and I want to route all RDP traffic to through VPN tunnel.

(I already have a stable VPN connection between both ends)



Contributor II

Is the your local subnet?

And is there an existing VPN tunnel or do you also need to create the VPN tunnel?


@ShawnZA Hi,

I already have a stable VPN connection.



Esteemed Contributor III

If your VPN is a site-to-site VPN (IPsec of course), the tunnel name already is a virtual interface to which you can route.

Create a new static route (Network>Static Routes), target network= (or even smaller like, interface=tunnel_name, gateway=(leave empty).


This particular setup works for IPsec VPNs, you don't have to specify a gateway address.

Then you need an outbound policy from LAN to tunnel, and of course the same on the other side.


Note that you cannot route just RDP traffic to the tunnel, and other traffic elsewhere. Wouldn't make much sense anyway.


Ede
"Kernel panic: Aiee, killing interrupt handler!"
Valued Contributor III

Could this not be done with a policy route?


Bob - self proclaimed posting junkie!
See my Fortigate related scripts at:

Esteemed Contributor III



If you can determine the route just by looking at the destination address, use a regular route. If you need other information, like source address or interface, use a Policy Based Route.

I personally don't like PBRs much although this is better supported in FOS v6 than before (CLI only). For instance, there is no indication in the Routing Monitor that a PBR is in place. Might cost a lot of time until you realize if you haven't set it up yourself.


So, yes, a PBR would do the job as it is a 'super set' of regular routing.


Ede
"Kernel panic: Aiee, killing interrupt handler!"
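The two approaches discussed in this thread, written out as FortiOS CLI (an added example, not posted by any participant): a destination-only static route to the tunnel interface, and a policy route that matches only TCP/3389, followed by the LAN-to-tunnel firewall policy. The addresses, the `internal` LAN interface name and the policy name are constructed placeholders; `tunnel_name` is the tunnel interface name used in the thread.

```fortios
# Option A: regular static route. Matches on destination only, so ALL
# traffic for the remote network goes into the tunnel. No gateway is set
# because the IPsec tunnel is itself the routing interface.
config router static
    edit 0
        set dst 10.20.0.0 255.255.255.0
        set device "tunnel_name"
    next
end

# Option B: policy route. Matches on input interface, source, destination,
# protocol and port, so only RDP (TCP/3389) to one host is steered into
# the tunnel. Policy routes are evaluated before the routing table.
config router policy
    edit 0
        set input-device "internal"
        set src "10.10.0.0/255.255.255.0"
        set dst "10.20.0.10/255.255.255.255"
        set protocol 6
        set start-port 3389
        set end-port 3389
        set output-device "tunnel_name"
    next
end

# A route alone passes nothing: a firewall policy from LAN to tunnel is
# still required (and the matching one on the remote side). Limiting the
# service to RDP keeps the tunnel from carrying anything else.
config firewall policy
    edit 0
        set name "lan-to-vpn-rdp"
        set srcintf "internal"
        set dstintf "tunnel_name"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "RDP"
    next
end
```

Because policy routes do not appear in the Routing Monitor, list them from the CLI with `diagnose firewall proute list`; the regular table is shown by `get router info routing-table all`.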