Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Icebun
New Contributor III

Incorrect routing table entry when SSL VPN is establised

I have a situation affecting some Dell Latitude Laptops (54xx series).

 

When the VPN is established, there is an incorrect routing entry in the Windows 10 table for our LAN resources where the Gateway points to the IP address of the users home router rather than the VPN interface IP.

 

Manually deleting the route fixes the issue but that requires elevated privileges so not practical.

 

Ticket officially logged but just wondering if anyone has experienced this before?

 

The only way around is to create some sort of windows scheduled task that will run the delete route command with elevated permissions.

 

The problem I am having with this is to capture the right trigger as the VPN is established, either in event viewer or some process running in Task Manager.

 

Can anyone help with identifying any of the above as well?

 

 

 

13 REPLIES 13
giowolf
New Contributor

Hi.

I'm facing this identical problem today.

On a dell Win PC, a route for our server network  appears dinamically and redirect trafic to gateway instead tunnel interface.

 

this route appear and disapper in route print following my attemps to contact some server.

 

I solved the problem by pushing a more granular route into the VPN portal setup.

Just yesterday I installed some additional Dell software tools.
I suspect that the network switching function of "dell optimizer" is causing this

lunhas2k4
New Contributor III

Hi guys, 

Just had the same issue! For some odd reason on my "Linux" machine I didn't have the issue, on my virtual "Windows 10" machine inside my  Linux machine it works perfectly. 

We are using FortiOS 7.0.3. We changed a CLI setting  "set split-tunneling-routing-negate" to disable. For some odd reason on the GUI when you enable split-tunnel this setting gets enabled.

The other way would be to use the "Enable Based on Policy Destination" option. Which has the setting "set split-tunneling-routing-negate" disabled by default. 

It might have been corrected on recent updates by the Fortinet. 

Let us know if this was helpful! 

Carlitos loves firewalls

NSE4 (5.4,6.0)

NSE5 (Fortimanager 6.0, Fortianalyzer 6.0)

NSE7 (Enterprise Firewall 6.0)

Carlitos loves firewalls NSE4 (5.4,6.0) NSE5 (Fortimanager 6.0, Fortianalyzer 6.0) NSE7 (Enterprise Firewall 6.0)
InsertSmartUsername
New Contributor

Experienced exact same issue as @Icebun on Dell Latitude 5530.
Disabled the "Network" portion in Dell Optimizer application and this resolved the issue and routing table issue.

We had a VPN split tunnel /23 network object and the last subnet in the /23 subnet was creating another /24 subnet entry in the laptop routing table which was routing via the home Wi-Fi IP or Wi-Fi hotspot IP.

 

Screenshot 2023-11-30 134708.pngScreenshot 2023-11-30 134747.png

 

Umer221
Staff
Staff
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors