Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

NAT is not working in VPN SSL

I have a VPN SSL configured.

I can conect in the VPN with the company, but when I see my external IP address in the internet, is not external address of company.

For example:

In my company , the external IP address is

In my home, the external IP address is

I am conected in the VPN with the company, but my external IP address is

I checked the settings, and it has NAT enabled. Everything was working before but now it doesn't work

What I need to do ?

My Fortigate is Fortigate 300D

Esteemed Contributor III

So you are saying at least previously your default route was pointing into the tunnel and you're internet bound traffic was going over the tunnel then get out from the company's 300D. But now go out via your local internet connection.

Then likely the split-tunnel is not in place at the 300D. If you're not managing config on the 300D, you need to ask the person who does that then get trableshoot whatever not working now. You can't do much on the client side.




Yes, but my route is correct.


I tryed everything, but is not working.



Esteemed Contributor III

are you talking about "FortiGate as SSL VPN Client"? Not Forticlient or Forticlient VPN app?


SSL VPN Client.


I checked split-tunnel is enable. But still is not working,



Esteemed Contributor III

It's opposite. If slit-tunnel is enabled, the default internet from the client side doesn't go though the server side, but goes out to the internet locally.


Dear Pacheco82p,
Hope you are doing good.
Please be informed that if split tunnel is enabled then only the traffic which matches the split tunneling policy will be routed to fortigate, rest all other traffic will pass to internet through the local ISP network configured at client side.



Hi, OK, now split tunel is disable. 

I can access company local network with VPN. But I can not access internet. 

So now what I need to do? Please, show me a example.

Esteemed Contributor III

You said everything was working before. Did you remove/change the policy toward the internet from the ssl.root with NAT?




No, I am not changed. Now I am trying to reconfigure again.

I think that I need a step-by-step. I am lost now.

Can you help?

Top Kudoed Authors