Hello Forti Community,
I need help with getting split tunneling to work on Mac OS.
We have the following situation in our company:
We have a firewall cluster made out of two FG 100F version 6.4.12.
The IPSec VPN configuration with split tunneling we are currently using is working perfectly for all of our Windows clients. Now we also have to support Mac OS, but we ran into some trouble.
For our clients we use the free VPN client from Forti in version 7.2.0, the Mac and Windows config is also similar.
The VPN connection itself on the Mac is working great but due to the missing split tunnel feature it is only possible to connect to company internal resources when the connection is active. So for example google.com is not working because all traffic is sent to the virtual VPN gateway. As soon as VPN is disconnected all external resources are working again. Now I have the following questions:
Is it possible to use split tunneling on Mac, maybe via workaround?
Is there a different solution to this, for example to set up a secondary gateway? (I have no experience with Mac OS so I don't know if something like that is even possible)
Please let me know if I forgot something important.
Thank you in advance for your help.
Best regards
Hi,
You can try editing the XML file from the FortiClient settings.
1) Download the FortiClient configuration backup (XML file) from the FortiClient settings.
2) Open the file using a text editor (e.g. Notepad++).
3) Search for the IPSec tunnel name.
4) The split tunnel addresses are added under the <remote_networks> tag under the required tunnel.
Each address is added in a <network> tag as per the example below (the split tunnel configuration is in bold text; other irrelevant parts of the configuration are removed for simplicity):
…
…
<ipsecvpn>
  <options>
    …
    …
  </options>
  <connections>
    …
    …
    <connection>
      <name>IPSEC_TUNNEL_1</name>
      <type>manual</type>
      <ike_settings>
        …
        …
      </ike_settings>
      <ipsec_settings>
        <remote_networks>
          <network>
            <addr>172.16.100.0</addr>
            <mask>255.255.255.0</mask>
          </network>
          <network>
            <addr>172.16.120.0</addr>
            <mask>255.255.255.240</mask>
          </network>
        </remote_networks>
        …
        …
      </ipsec_settings>
      …
      …
    </connection>
    …
    …
  </connections>
</ipsecvpn>
NOTE:
FortiClient requires 'Full Disk Access' permissions in the Mac OS Privacy Settings in order for the configuration restore feature to work.
Refer to the FortiClient Mac OS release notes for more details.
Regards,
Roshan
Hello Roshan,
thank you for the quick reply. I already tried this approach some time ago and it did not work because I was not able to import the config into the VPN client. But thanks to your final note this issue is now resolved.
regards
Copyright 2024 Fortinet, Inc. All Rights Reserved.