Something is injecting a route in Windows route table - but what?
This might be better in a Windows group but I'll try here anyway. We're currently piloting FortiClient (EMS managed) which for the most part is going well.
Split tunnel with RFC1918 destinations down the tunnel (configured simply by firewall policy) and all else direct Internet.
However, some users are noticing a route to a 10.x.x.x/24 subnet that comes and goes and messes up reachability to internal resources while that specific route is in the Windows routing table.
I'm 99.9% sure that it nothing to do with the config on the FortiGate/FortiClient/EMS. I think it's some group policy or InTune config or local application that is installing the route but I don't know how to prove this.
I guess I need a Windows log that records a route add event and hopefully tells you what application or process triggered it.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.