We are using FortiClient EMS 7.2.3 and 7.2.3 and split-tunnel for certain traffic (MS Teams, for example). To prevent access to local services (a NAS box, for example) we enabled exclusive routing on our FortiGate 7.0.0 as per "Enabling SSL VPN Full Tunnel - Fortinet Community". However, we can still access local resources/services.
Given that "exclusive-routing" is available as an option only when full-tunnel is enabled ("set split-tunneling disable"), I would question whether these two options are compatible at all.
AFAIK app-based split-tunnel is a local routing decision made by FCT (and configured by EMS), so there's a chance that this completely overrides any routing directives received from FGT.
edit: Yes, this is as designed. App-based split-routing disables exclusive-routing. Confirmed internally.
edit 2: The community article you referenced is now updated with a note about the incompatibility.
edit 3: There is a FortiClient/EMS-specific option to disable local LAN access - <enable_local_lan>, which should work with app-based split routing. XML docs reference: https://docs.fortinet.com/document/forticlient/7.2.4/xml-reference-guide/858086/ssl-vpn
2 weeks with support and they say 'this should work' but it doesn't in our case.
So we have established with support that this is only possible on IPsec and not SSL, at least on FortiClient 7.2.4. We are engaged with our account manager and support on why the documentation states otherwise.