We are migrating from a FortiGate 30E (firmware 5.4.3) to a FortiWiFi 60F (firmware 6.4.3). The IPsec VPN on the new device was set up using the wizard, with split tunnel enabled. This worked fine on the old unit, but on the new one the VPN works but cuts off internet access. (We also have SSL VPN configured for split tunnel and there is no problem with that on either device.)
What appears to be happening is that after connecting to the 60F's IPsec VPN, the routing table on the client winds up with two default routes. The additional default route added points to an address in the VPN tunnel and internet access no longer works. This does not happen when connecting to the 30E's IPsec VPN, or SSL VPN on either device.
Client software is FortiClient 5.6.2.117 running on Windows 10. I have double-checked that "Enable IPv4 Split Tunnel" is enabled in the 60F's IPsec configuration, and accessible networks is set to "IPsec VPNsplit". Is there some other setting required to get split tunneling to work?
I'd suggest upgrading FortiClient. I'm not sure if FortiClient 5.6 is still 100% compatible with FortiOS 6.4.
I remember having had similar issues which were fixed by upgrading FortiClient.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
As a test I uninstalled the old FortiClient and installed the latest (version 6.4), but unfortunately the problem persists. Exact same symptom: the VPN works but internet is cut off and two default gateways appear in the routing table.
As a further test I disabled split tunnel in the IPsec configuration, with the same result - the VPN works but the client PC's internet access is cut off and the same change in the routing table is made where there are two default routes.
Solved by Fortinet support. I had an incorrect setting under Firewall Policy after enabling split tunneling in the VPN configuration.
@sermeidis - There is no "magic" config to enable/disable for split tunneling to work, just a matter of correct security policy and SSL VPN settings. Better chance of help if you describe your specific setup/situation.