SSL VPN Stop traffic to Local LAN

IanEdwards · ‎01-21-2019

Hi, I have created a standard SSL VPN with Split Tunneling DISABLED, which is working fine.

However, I need to disable any traffic from the remote PC, when connected to the VPN, to it's local LAN.

I thought disabling Split tunnel might have forced this but not so.

Is there a way to achieve this?

Thanks.

Toshi_Esumi · ‎01-22-2019

I haven't done this before but in my theory if you remove ssl.root->internal policy and leave only ssl.root->wan policy, it would still establish SSL VPN with default route to the client and the FGT route user traffic toward the internet.

rwpatterson · ‎01-22-2019

It has been a while, but I believe every route you define on the SSL VPN tunnel is redirected over the tunnel. If you select the zero route in the definition, in theory everything will be directed over the SSL VPN.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

jamesmeuli · ‎01-22-2019

How can you block traffic to the local LAN? The PC still needs to communicate with its local router to send the tunneled traffic over the internet

Jabub · ‎11-11-2019

Hello,

Did you solve this problem?

Is it possible ?

Thanks

SSL VPN Stop traffic to Local LAN

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website