Wolvman
New Contributor

Preventing Web Filtering From Affecting VPN Connections

Hi everyone. I'm trying to figure out how to make sure that our web/DNS filtering settings do not affect our remotely connected sites or FortiClient VPN users.

 

Our main site has a new FortiGate 80F running on FortiOS 7.0.1 with web filtering and DNS filtering turned on. We also have two remote sites with a 60E and a 60D connected to the firewall through two IPsec tunnels, mostly so that we can share files between one another. Additionally, we have a couple of users who connect to the 80F via the FortiClient app using both the IPsec and SSL-VPN methods depending on their situation.

 

We do not have any web filtering or DNS filtering active at the remote sites, but I noticed that with the IPsec tunnel setup the web filtering settings of the 80F are passing through to them as well as any FortiClient users. So if a site is blocked at the main site, it seems to also be blocked at the remote sites. Is there any way that I can prevent these filtering settings from affecting the remote locations and users? We really want to ensure that only the necessary traffic is moving between the sites and anything that can normally be reached by going onto the internet is done outside of the VPN connection.

 

I figured split tunneling would help with this, so I made sure to enable it during the setup process for our IPsec tunnels and the SSL-VPN configuration, but it does not seem to have helped. Maybe I'm not grasping the concept of split tunneling correctly. I also no longer see the checkbox for split tunneling on our two tunnels now that I have converted them to custom tunnels, so I wonder if it disabled that option on them. That does not, however, explain why FortiClient users are having their webpages blocked when connected to the main site, as I can see that split tunneling is enabled on both.

 

Any help would be much appreciated. Thank you.

mgoswami
Staff

Hi,

 

You may refer to this link and see if the correct routing address is mentioned in the Split Tunneling.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

 

BR,

Manosh
