Hi, I have created a standard SSL VPN with Split Tunneling DISABLED, which is working fine.
However, I need to disable any traffic from the remote PC, when connected to the VPN, to its local LAN.
I thought disabling Split tunnel might have forced this but not so.
Is there a way to achieve this?
Thanks.
I haven't done this before, but in theory, if you remove the ssl.root->internal policy and leave only the ssl.root->wan policy, it would still establish the SSL VPN with a default route to the client, and the FGT would route user traffic toward the internet.
It has been a while, but I believe every route you define on the SSL VPN tunnel is redirected over the tunnel. If you select the zero route in the definition, in theory everything will be directed over the SSL VPN.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
How can you block traffic to the local LAN? The PC still needs to communicate with its local router to send the tunneled traffic over the internet.
Hello,
Did you solve this problem?
Is it possible?
Thanks