How to Configure split Tunnel to exclude only Microsoft Teams Traffic (There is no option to exclude FQDN for Trusted destination)
Hi Mehul,
Please note that the ISDB object will not support split tunneling. It is necessary to manually build an address group and include all of the Teams addresses.
Regards,
Babitha M
Is there any template to perform the same because there are a lot of IP ranges for MS Teams
These would be the ranges for TCP/80,443
13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15, 52.238.119.141/32, 52.244.160.207/32
Hi,
Please follow the KB - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Access-to-Specific-FQDN-using-Split-Tunnel...
Best regards,
Erlin
Hello @Mehulp.,
+ Find the IP address ranges that Microsoft Teams uses for its traffic. Microsoft provides a list of IP addresses and ranges that their services use, including Teams.
+ Set up the basic split tunneling configuration on your FortiGate firewall to route general internet traffic through the VPN tunnel while allowing specific traffic to bypass it.
+ You'll need to create a custom routing table to handle the traffic you want to exclude from the VPN tunnel.
+ Assign the custom routing table to the IP address ranges associated with Microsoft Teams traffic.
Example of what the CLI configuration might look like
config system dns-database
edit "microsoft_teams"
config ip-range
edit 1
set start-ip <start_ip>
set end-ip <end_ip>
next
end
next
end
config system route-table
edit "teams_bypass"
config rule
edit 1 set src 0.0.0.0 0.0.0.0
set dst "microsoft_teams"
set gateway <gateway_ip>
next
end
next
end
Let us know if you have any queries.
Thanks,
Pavan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.