Hello,
How is it possible that I enable this:
Enabled Based on Policy Destination
And I still get the IP of the office and not my home WIFI?
gameie_Primary # config vdom
gameie_Primary (vdom) # edit root
current vf=root:0
gameie_Primary (root) # config vpn ssl web portal
gameie_Primary (portal) # edit "vpn-rnd"
gameie_Primary (vpn-rnd) # show
config vpn ssl web portal
edit "vpn-rnd"
set tunnel-mode enable
set ip-pools "vpn-rnd-new"
next
end
gameie_Primary (vpn-rnd) # show full-configuration
config vpn ssl web portal
edit "vpn-rnd"
set tunnel-mode enable
set ipv6-tunnel-mode disable
set web-mode disable
set allow-user-access web ftp smb sftp telnet ssh vnc rdp ping
set limit-user-logins disable
set forticlient-download enable
set ip-mode range
set auto-connect disable
set keep-alive disable
set save-password disable
set ip-pools "vpn-rnd-new"
set split-tunneling enable
set split-tunneling-routing-negate disable
set dns-server1 0.0.0.0
set dns-server2 0.0.0.0
set dns-suffix ''
set wins-server1 0.0.0.0
set wins-server2 0.0.0.0
set dhcp-ra-giaddr 0.0.0.0
set client-src-range disable
set host-check none
set mac-addr-check disable
set os-check disable
set forticlient-download-method direct
set customize-forticlient-download-url disable
next
end
gameie_Primary (vpn-rnd) #
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If you are using the "Enabled Based on Policy Destination" then your policy ID 2 has to have your specific subnets on your lan defined in the destination section. If you have all, like your image shows, then the split tunnel will match on every IP and not allow internet access through the end user's local network https://100001.onl/ .
So how can I solve it? I want everything to pass through the end user's local network except the interfaces of Fortigate.
Thanks
Hi captainit,
perhaps you may have a look at this: Enabling split tunnel feature for SSL-VPN - Fortinet Community
"It's not over 'till it's over"
Fortigate: 500E
ForticlientEMS
In sslvpn to lan policy specify fortigate lan interface subnet as destination so only fortigate lab subnet traffic will route over ssl vpn.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.