SSL VPN split tunneling route
Hi all
I have a Fortigate 60C (firmware v4.0,build5849,110804 (MR2)) and I have configured SSL VPN connections using tunnel mode.
Everything is working, but when I connect to my VPN from remote I can only use the VPN connection and I cannot navigate to other addresses or websites.
I was thinking it was a "split tunneling" problem, but in the user guide I found: "Split tunneling is enabled by default. When enabled, only traffic that requires the SSL VPN is sent through the tunnel. Other traffic follows the user's regular routing."
I have 2 static routes configured:
Destination IP/Mask: 0.0.0.0/0.0.0.0
Device: wan1
Gateway: gateway IP that our ISP gave us
Destination IP/Mask: 192.168.120.0/255.255.255.0 (it is my SSL_VPN_TUNNEL_ADDRESS)
Device: ssl.root
Gateway: 0.0.0.0 (greyed)
Does this mean that I have to create some other route?
Thank you
Corrado
How about creating a policy from ssl.root to the Internet?
example:
source int=ssl.root
src add=ssl vpn network add
dst int=interface facing your ISP
dst add=all
NAT enabled
connect again to ssl vpn and try to browse any sites
Fortigate Newbie
Hi Fullmoon
Thank you for your reply.
I tried to create a policy from ssl.root to the Internet and it's working, but all the traffic now goes through my office ADSL connection (also the internet browsing traffic).
If I'm connecting to my office from my home I want to use the SSL VPN connection to my office and (at the same time) my "home ADSL connection" for internet browsing etc.
Is it possible? Which configuration or new policy is necessary?
Thank you
Corrado
How about playing with the "split tunneling" option?
Split Tunneling: Select to enable split tunneling. When enabled, only traffic that requires the SSL VPN is sent through the tunnel. Other traffic follows the user's regular routing.
When split tunneling is disabled, all of the user's traffic with other networks passes through the tunnel. This does not affect traffic between the user's computer and hosts on the local network.
For enhanced security, some administrators prefer to force all traffic through the SSL VPN tunnel, including traffic between the user and the user's local network. To do this, use the CLI tunnel mode settings to enable exclusive-routing.
-----> taken from the Fortinet admin guide
Fortigate Newbie
Yes, I've seen this option.
As you can read in my first post: "Split tunneling is enabled by default. When enabled, only traffic that requires the SSL VPN is sent through the tunnel. Other traffic follows the user's regular routing."
I did not change the default configuration, so I think that split tunneling is enabled, but it is not working as I want.
Is there some other configuration to do? How can I check (using the CLI) if it is enabled or disabled?
Thank you
Check here to see if split tunneling is enabled for sure:
VPN -> SSL -> Portal -> full-access (or whatever your user gets assigned to)
Click the edit/pencil icon on the "Tunnel Mode" section.
Check to make sure that "Split Tunneling" is checked.
Alternatively you can look in the CLI:
# show vpn ssl web portal
and look for
config widget
edit 1
set split-tunneling enable
....
....
A Real World Fortinet Guide
Configuration Examples & Frequently Asked Questions
http://firewallguru.blogspot.com
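An added example, not part of this thread or of Fortinet's own tooling: a small Python parser for the `show vpn ssl web portal` output described in the answer above. It walks the config/edit/set/next/end block structure and reports, per portal, whether a widget explicitly sets split-tunneling, so every portal on a unit can be audited at once instead of clicking through each one. The sample output below is constructed from the lines quoted in the answer; the exact surrounding lines of real output are assumed.

```python
import re
import shlex

# Constructed sample in the shape of "show vpn ssl web portal" output (not a real capture).
SAMPLE = """\
config vpn ssl web portal
    edit "full-access"
        config widget
            edit 1
                set split-tunneling enable
            next
        end
    next
    edit "tunnel-only"
        config widget
            edit 1
                set split-tunneling disable
            next
        end
    next
end
"""

def parse_fortios(text):
    """Parse CLI 'show' output into nested dicts; 'set' values are stored as lists."""
    root = cur = {}
    stack = []
    for raw in text.splitlines():
        m = re.match(r"(config|edit|set|next|end)\b\s*(.*)", raw.strip())
        if not m:
            continue  # blank or unrecognised line
        kw, rest = m.groups()
        if kw in ("config", "edit"):  # open a nested block
            stack.append(cur)
            cur = cur.setdefault(rest.strip().strip('"'), {})
        elif kw == "set":  # shlex keeps quoted values such as "Tunnel Mode" intact
            name, *values = shlex.split(rest)
            cur[name] = values
        else:  # next / end close the current block
            cur = stack.pop()
    return root

def split_tunnel_status(show_output):
    """Map each portal to True/False if a widget sets split-tunneling, else None (default applies)."""
    status = {}
    for name, portal in parse_fortios(show_output).get("vpn ssl web portal", {}).items():
        flags = [w["split-tunneling"][0] for w in portal.get("widget", {}).values()
                 if "split-tunneling" in w]
        status[name] = (flags[-1] == "enable") if flags else None
    return status
```

A portal reported as None carries no explicit setting, so the firmware default (enabled, per the guide quoted earlier) is what the user gets; a True result with full tunnelling still observed points at the firewall policy rather than the portal.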
