Is it possible to route a public domain, for example abc.com, via the firewall's outgoing interface? For example, when an SSL VPN user tries to access xyz.abc.com, the FortiGate will redirect the traffic via its outgoing interface, while other traffic will exit via the SSL VPN user's default gateway.
Of course, you just have to include that in the split tunnel routing the same way you would for other LAN traffic. In our particular case, I leave the split tunnel config blank and let the firewall build the split tunnel list by what policies are allowed. If you do the same, you simply need a policy to that destination with the appropriate users going from the ssl.root to the wan. You can add more destinations as needed.
What if some domains use dynamic public IP addresses behind a load balancer? For example, nslookup xyz.aabbcc.com will resolve to 2 IP addresses, 10.10.10.10 and 20.20.20.20, and then after a few hours they change to 30.30.30.30 and 40.40.40.40. I can't keep monitoring the IP addresses and adding them to the FortiGate firewall, right?
Why not use an FQDN address object so that it keeps up with those changes dynamically? I assumed that's what you intended to do in the first place.
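The approach described in the two replies above (an FQDN address object plus a policy from ssl.root to the WAN), written out as a FortiOS CLI sketch. This is an added example, not configuration posted by anyone in the thread; the interface name `wan1`, the group `sslvpn-users`, the policy name, the HTTPS service and the use of the default `SSLVPN_TUNNEL_ADDR1` pool are assumptions to replace with your own values.

```fortios
# Added example. Names marked "assumed" are placeholders, not from the thread.

# FQDN address object: the FortiGate re-resolves the name itself,
# so the object follows the load balancer's changing IP addresses.
config firewall address
    edit "xyz.aabbcc.com"
        set type fqdn
        set fqdn "xyz.aabbcc.com"
    next
end

# Policy from the SSL VPN tunnel interface to the WAN for that destination only.
# With the portal's split tunnel routing list left blank, this destination
# is added to the split tunnel because a policy allows it.
config firewall policy
    edit 0
        set name "sslvpn-to-xyz"            # assumed name
        set srcintf "ssl.root"
        set dstintf "wan1"                  # assumed WAN interface
        set srcaddr "SSLVPN_TUNNEL_ADDR1"   # assumed: default tunnel address pool
        set dstaddr "xyz.aabbcc.com"
        set groups "sslvpn-users"           # assumed user group
        set action accept
        set schedule "always"
        set service "HTTPS"                 # assumed: restrict to what the site needs
        set nat enable
        set logtraffic all
    next
end
```

Scoping `dstaddr` and `service` to the single FQDN and port keeps the policy from turning into a general internet egress path for VPN users, and `logtraffic all` gives a record of which users reach the destination through the firewall.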
Hi
Did you solve the issue?
I am looking for a solution.
Thank you
Copyright 2024 Fortinet, Inc. All Rights Reserved.