Hi community,
Can someone please point me in the direction of a KB article explaining how to limit traffic that goes over the SSL VPN? I want users to access systems, but all internet, especially o365 traffic needs to break out locally form the users' computers/internet.
From what I can tell split tunneling is what I need to look at, but that's about as far as my experience goes.
Any help much appreciated.
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Yes, split tunneling is a very common configuration. You can simply enable it in the SSL VPN Settings.
The only traffic that will go across the VPN then is the traffic you either define under the Split Tunnel config (extra options will appear in the GUI) or it will be determined by what policies the user has access to upon login. I do the latter personally.
Thanks for the response and guidance. I currently have it configured as follow:
I'll look at limiting the traffic as per your recommendation, thanks. From now I'd just like to get it working.
Running a trace route to an IP, both connected and disconnected I get the same hope and routes, which leads me to believe the internet is not going over the VPN, which is good and seem to be working.
I do find that browsing the internet once connected is very slow. It his a typical finding? It's as though DNS takes just a little bit longer to resolve. The moment I disconnect the VPN, browsing speed is back to normal.
Thanks
Have you gone through the cookbook already? https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/941552/editing-the-ssl-vpn-portal (if you have 6.0.?)
You can use Routing address are the addresses you want going through the SSL-VPN connection.
Dave
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.