Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jannik
New Contributor

Remote FAP with Split Tunneling

Hi everyone,

 

I have a FAP 221C on a remote site. It is connected to the network 192.168.178.0/24 on the remote site and connects via capwap to the FG on our main site. Now I tried to use split tunneling on the FAP Profile. I want the remote traffic to split into 192.168.99.0/24 behind our FG and the rest of the traffic is supposed to use the remote sites local internet access. So I entered 192.168.99.0/24 to the split tunnel acl on the profile. This didn't work. I tried a tunnel SSID and a bridge SSID. I couldn't find a cookbook for this. Can anyone help? Do I have to configure anything on the AP directly for this to work? Or is it just not possible with this modle since it isn't a "remote" FAP?

1 REPLY 1
wanglei_FTNT
Staff
Staff

You don't need to configure anything on the AP. Split-tunnel only applies to tunnel-mode VAP. 

 

1) enable split tunnel and configure acl under wtp-profile you applied to AP config wireless-controller wtp-profile edit "test" set split-tunneling-acl-path tunnel <----traffic matching acl below is tunnelled up to FGT. Otherwise, it stays local config split-tunneling-acl edit 1 set dest-ip 192.168.99.0 255.255.255.0 next end 2) enable split tunnel under VAP ( only for tunnel mode VAP) FortiWiFi-61E # config wireless-controller vap FortiWiFi-61E (vap) # edit vap1 FortiWiFi-61E (lwang-tun-2) # set split-tunneling enable

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors