Icebun
New Contributor III

Incorrect routing table entry when SSL VPN is established

I have a situation affecting some Dell Latitude Laptops (54xx series).

When the VPN is established, there is an incorrect routing entry in the Windows 10 table for our LAN resources where the Gateway points to the IP address of the user's home router rather than the VPN interface IP.

Manually deleting the route fixes the issue but that requires elevated privileges so not practical.

Ticket officially logged but just wondering if anyone has experienced this before?

The only way around is to create some sort of Windows scheduled task that will run the delete route command with elevated permissions.

The problem I am having with this is to capture the right trigger as the VPN is established, either in Event Viewer or some process running in Task Manager.

Can anyone help with identifying any of the above as well?

13 REPLIES
giowolf
New Contributor

Hi.

I'm facing this identical problem today.

On a Dell Win PC, a route for our server network appears dynamically and redirects traffic to the gateway instead of the tunnel interface.

This route appears and disappears in route print following my attempts to contact some server.

I solved the problem by pushing a more granular route into the VPN portal setup.

Just yesterday I installed some additional Dell software tools.
I suspect that the network switching function of "Dell Optimizer" is causing this.

lunhas2k4
New Contributor II

Hi guys,

Just had the same issue! For some odd reason on my "Linux" machine I didn't have the issue, on my virtual "Windows 10" machine inside my Linux machine it works perfectly.

We are using FortiOS 7.0.3. We changed a CLI setting "set split-tunneling-routing-negate" to disable. For some odd reason on the GUI when you enable split-tunnel this setting gets enabled.

The other way would be to use the "Enable Based on Policy Destination" option, which has the setting "set split-tunneling-routing-negate" disabled by default.

It might have been corrected in recent updates by Fortinet.

Let us know if this was helpful!

Carlitos loves firewalls

NSE4 (5.4,6.0)

NSE5 (Fortimanager 6.0, Fortianalyzer 6.0)

NSE7 (Enterprise Firewall 6.0)

InsertSmartUsername
New Contributor

Experienced the exact same issue as @Icebun on a Dell Latitude 5530.
Disabled the "Network" portion in the Dell Optimizer application and this resolved the issue and routing table issue.

We had a VPN split tunnel /23 network object and the last subnet in the /23 subnet was creating another /24 subnet entry in the laptop routing table which was routing via the home Wi-Fi IP or Wi-Fi hotspot IP.
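
The symptom reported in this thread (a more specific /24 inside the split-tunnel /23 that points at the home gateway) can be confirmed from `route print` output. The following is an added example, not part of any poster's reply: the sample output, addresses and prefix are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Windows `route print -4` output (not taken from the thread).
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     35
        10.20.0.0    255.255.254.0     10.212.134.1   10.212.134.200      1
        10.20.1.0    255.255.255.0      192.168.1.1     192.168.1.50     36
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    291
===========================================================================
Persistent Routes:
  None
"""

def parse_active_routes(text):
    """Return (network, gateway, interface_ip, metric) for each IPv4 active route."""
    routes, in_table = [], False
    for line in text.splitlines():
        fields = line.split()
        if line.strip().startswith("Active Routes"):
            in_table = True
        elif in_table and line.startswith("==="):
            break  # end of the IPv4 active-route table
        elif in_table and len(fields) == 5:  # header row has 6 tokens, so it is skipped
            dest, mask, gateway, iface, metric = fields
            routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, iface, int(metric)))
    return routes

def leaking_routes(routes, vpn_prefixes, vpn_iface_ip):
    """Routes inside a split-tunnel prefix that do not leave via the VPN interface."""
    nets = [ipaddress.ip_network(p) for p in vpn_prefixes]
    return [r for r in routes
            if r[2] != vpn_iface_ip and any(r[0].subnet_of(n) for n in nets)]

def egress_interface(routes, host):
    """Longest-prefix match, then lowest metric: the interface Windows would pick."""
    addr = ipaddress.ip_address(host)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))[2]

if __name__ == "__main__":
    routes = parse_active_routes(SAMPLE)
    for net, gw, iface, metric in leaking_routes(routes, ["10.20.0.0/23"], "10.212.134.200"):
        print(f"LEAK: {net} via {gw} on {iface} (metric {metric})")
    for host in ("10.20.0.10", "10.20.1.10"):
        print(host, "->", egress_interface(routes, host))
```

Because the /24 is more specific than the /23 pushed by the VPN, it wins the longest-prefix match regardless of metric, which is why only hosts in the second half of the /23 bypass the tunnel.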

 
