I am new to firewalls, so I hope this isn't a dumb question. We are preparing to possibly have a large portion of our work population now working from remote. We know this will be a huge strain on our VPN setup. We are required by our parent company to avoid split-tunnel, but are in the process of getting an exception for this due to the coronavirus outbreaks.
That being said, we would like to be a bit more conservative in our approach. Is it possible to require all traffic to go through the corporate network EXCEPT certain IPs or URLs? It seems simple to configure to allow all non-corporate traffic to split, but not a select list.
In a simple example: What if we wanted sites like YouTube.com to split, but nothing else? This is a SUPER simplification to help explain my question. :)
Thanks in advance!
Ray
You can apply an IP list and do split tunneling, but a URL, no way to do that unless you knew the IPs. Keep in mind SSL or IPsec VPN traffic is going to impact your firewall and traffic throughput; make sure your firewall is up to the job.
FWIW we had a customer who wanted the same thing and tried to route 80+ users thru a 100D and had major problems. In the end they deployed FortiClient to give them the on/off-network security and to control the users. I would explore that approach if I was you.
Ken Felix
PCNSE
NSE
StrongSwan
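The IP-list approach from the reply above, as an added example that is not part of the original thread or any Fortinet tooling: it collapses the addresses resolved for one excluded hostname into CIDR routes, decides tunnel versus direct per destination, and flags drift when the hostname later resolves elsewhere. The addresses are constructed samples from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: addresses a resolver returned for one excluded
# hostname on two different days (documentation ranges, not real answers).
DAY1 = ["203.0.113.0", "203.0.113.1", "203.0.113.2", "203.0.113.3",
        "198.51.100.17"]
DAY2 = ["203.0.113.2", "203.0.113.3", "192.0.2.44"]


def build_exclusions(addresses):
    """Collapse resolved host addresses into the smallest set of CIDR routes."""
    nets = (ipaddress.ip_network(a) for a in addresses)
    return list(ipaddress.collapse_addresses(nets))


def route_for(dest, exclusions):
    """Return 'direct' if dest falls in an excluded network, else 'tunnel'."""
    ip = ipaddress.ip_address(dest)
    return "direct" if any(ip in net for net in exclusions) else "tunnel"


def missing(exclusions, current_addresses):
    """Current addresses the deployed list misses (they still hit the VPN)."""
    return [a for a in current_addresses
            if route_for(a, exclusions) == "tunnel"]


def stale(exclusions, current_addresses):
    """Excluded networks the hostname no longer uses. These keep bypassing
    corporate inspection for whoever holds the address now."""
    current = [ipaddress.ip_address(a) for a in current_addresses]
    return [net for net in exclusions
            if not any(ip in net for ip in current)]


if __name__ == "__main__":
    deployed = build_exclusions(DAY1)
    print("deployed exclusions:", [str(n) for n in deployed])
    print("10.20.30.40 ->", route_for("10.20.30.40", deployed))
    print("203.0.113.2 ->", route_for("203.0.113.2", deployed))
    print("missing on day 2:", missing(deployed, DAY2))
    print("stale on day 2:", [str(n) for n in stale(deployed, DAY2)])
```

Stale entries are the ones to review first, since they send traffic outside the tunnel to an address the excluded service may no longer own.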