Fortinet Community

chr1zzo · ‎09-01-2023

Hello,

i am trying to route some ssl vpn traffic to a specific server over our firewall. the server i am trying to reach is a hyperforce infrastructure with frequently changing ip addresses. so it is no option to add a route for an ipv4 address. instead the option would be to add a FQDN instead of an ipv4 address. but it is not available to add an FQDN to the split tunneling tunnel mode routing address override.

Is there a option i can do this.

(perhaps a cronscript witch performs a lookup an adds the ipv4 addresses to an address group?)

thanks a lot

hbac · ‎09-01-2023

Hi @chr1zzo,

If you have split tunneling enabled based on policy destination, you don't need routing address override. You can specify the FQDN as a destination in the firewall policy. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Access-to-Specific-FQDN-using-Split-Tunnel...

Please make sure the FortiGate is able to resolve the FQDN of your interface server.

Regards,

View solution in original post

hbac · ‎09-01-2023

Hi @chr1zzo,

If you have split tunneling enabled based on policy destination, you don't need routing address override. You can specify the FQDN as a destination in the firewall policy. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Access-to-Specific-FQDN-using-Split-Tunnel...

Please make sure the FortiGate is able to resolve the FQDN of your interface server.

Regards,

mle2802 · ‎09-01-2023

Hi @chr1zzo ,

You can do FQDN as destination for the SSL VPN policy as instruction from @hbac. Please make sure to have DNS server resolve the FQDN on both FGT and Client.

chr1zzo · ‎09-06-2023

Hi @hbac @mle2802

It works. Thanks a lot!

Fortinet Community

SSL VPN Split Tunneling Routing Address FQDN