I've set up an IPsec dial-up VPN on a FortiGate and want to enable split tunnel.
VPN client: Windows 10 built-in
Internal Network 1: 10.0.0.0 / 255.0.0.0
Internal Network 2: 192.168.170.0 / 255.255.255.0
When I connect with the Windows client, a route to Network 1 is pushed to the client.
But no route to Network 2.
When I add the route manually to the Windows client, everything works as expected.
How can I tell the FortiGate to push this route to the client?
config vpn ipsec phase1-interface
    set type dynamic
    set interface "****"
    set ike-version 2
    set local-gw *****
    set authmethod signature
    set net-device disable
    set mode-cfg enable
    set proposal aes256gcm-prfsha384
    set dpd on-idle
    set dhgrp 20
    set eap enable
    set eap-identity send-request
    set authusrgrp "RADIUS"
    set certificate "VPN ******"
    set peer "******"
    set assign-ip-from dhcp
    set dns-mode auto
    set ipv4-split-include "VPN-Employees-Split"
    set client-auto-negotiate enable
    set client-keep-alive enable
    set dpd-retryinterval 60

config vpn ipsec phase2-interface
    set phase1name "Employees"
    set proposal aes256gcm
    set dhgrp 20
    set keepalive enable
    set keylifeseconds 3600
The split group "VPN-Employees-Split" is a group that contains the subnets Internal Network 1 and 2.
Is what I want to do even possible? (FortiOS 7.2.2)
One is of type "Subnet" and the other is of type "Interface Subnet", but I've also created both as "Subnet" and there was no difference.
We would like to use the Windows built-in client, as we use it at the moment with another firewall and we want to replace that solution with this Fortinet one. FortiClient would also need to be deployed on all systems, which will be an additional huge project.