Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Remote FAP with Split Tunneling

Hi everyone,


I have a FAP 221C on a remote site. It is connected to the network on the remote site and connects via capwap to the FG on our main site. Now I tried to use split tunneling on the FAP Profile. I want the remote traffic to split into behind our FG and the rest of the traffic is supposed to use the remote sites local internet access. So I entered to the split tunnel acl on the profile. This didn't work. I tried a tunnel SSID and a bridge SSID. I couldn't find a cookbook for this. Can anyone help? Do I have to configure anything on the AP directly for this to work? Or is it just not possible with this modle since it isn't a "remote" FAP?


You don't need to configure anything on the AP. Split-tunnel only applies to tunnel-mode VAP. 


1) enable split tunnel and configure acl under wtp-profile you applied to AP config wireless-controller wtp-profile edit "test" set split-tunneling-acl-path tunnel <----traffic matching acl below is tunnelled up to FGT. Otherwise, it stays local config split-tunneling-acl edit 1 set dest-ip next end 2) enable split tunnel under VAP ( only for tunnel mode VAP) FortiWiFi-61E # config wireless-controller vap FortiWiFi-61E (vap) # edit vap1 FortiWiFi-61E (lwang-tun-2) # set split-tunneling enable


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors