Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
GHGIT
New Contributor

Split tunnel is disabled but I can still ping or RDP into laptop across home wifi

I have a 200E that I am trying to set up for an SSL VPN. In the GUI, under SSL-VPN Settings, I have my allowed VPN group pointed to the "full-access" portal. My settings for full-access are as follows:

config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set exclusive-routing enable
        set split-tunneling disable
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
        set ipv6-split-tunneling disable
    next
end


When I connect to my corporate network from a laptop (Laptop1) on my home wifi, if I browse to a "what is my IP" site I see the proper IPv4 outbound NAT address from work. I also see the home IPv6 address, which doesn't seem right. More alarmingly, if I start another laptop (Laptop2) on the home wifi, I can ping or even RDP onto the VPN-connected laptop (Laptop1) using the home wifi 192.168 address Laptop1 is assigned. We are trying to replace our last Cisco AnyConnect firewall with this system, but we require no split tunneling so a hacker can't get into the corporate network by going through the user's home network. This works on our old Cisco, so I can't imagine it doesn't on this brand new FortiGate. What do you think I am doing wrong?


Thanks for your help!
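Added example (not from the post or from Fortinet): a small audit of a VPN client's routing table that checks whether both the IPv4 and the IPv6 default route leave via the tunnel interface, which is what "exclusive routing" with split tunneling disabled is supposed to guarantee; the sample below is constructed to mirror the symptom described above, IPv4 tunnelled but IPv6 still going out over the home Wi-Fi. It assumes Linux `ip route` / `ip -6 route` output and made-up interface names (ppp0 for the tunnel, wlan0 for the home Wi-Fi); it only covers outbound routing, since inbound reachability from the home LAN, as observed in the post, is not visible in a route table.

```python
# Added example, not the poster's or FortiClient's own code.
# Audit a VPN client's route table for exclusive routing: every preferred
# default route (IPv4 and IPv6) must use the tunnel interface, otherwise
# traffic for that address family bypasses the VPN.
import re

# Constructed sample output of `ip route` and `ip -6 route`, mirroring the
# symptom in the post: v4 goes through the tunnel, v6 still via home Wi-Fi.
SAMPLE_V4 = """\
default via 10.212.134.1 dev ppp0 proto static metric 50
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.212.134.0/24 dev ppp0 proto kernel scope link src 10.212.134.200
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.37
"""
SAMPLE_V6 = """\
fe80::/64 dev wlan0 proto kernel metric 1024
2001:db8:home::/64 dev wlan0 proto ra metric 600
default via fe80::1 dev wlan0 proto ra metric 600
"""

# "default [via <gw>] dev <if> ... [metric <n>]"; `via` and `metric` are optional.
_DEFAULT = re.compile(r"^default(?:\s+via\s+\S+)?\s+dev\s+(\S+)(?:.*\bmetric\s+(\d+))?")

def default_routes(route_output):
    """Return [(dev, metric)] for every default route, lowest metric first."""
    found = []
    for line in route_output.splitlines():
        m = _DEFAULT.match(line.strip())
        if m:
            found.append((m.group(1), int(m.group(2) or 0)))
    return sorted(found, key=lambda r: r[1])

def audit(v4_output, v6_output, tunnel_dev):
    """Per address family, report whether the preferred default route uses the tunnel."""
    report = {}
    for family, output in (("ipv4", v4_output), ("ipv6", v6_output)):
        routes = default_routes(output)
        if not routes:
            report[family] = "no default route"
        elif routes[0][0] == tunnel_dev:
            report[family] = "ok: default route via %s" % tunnel_dev
        else:
            report[family] = "LEAK: default route via %s, not %s" % (routes[0][0], tunnel_dev)
    return report

if __name__ == "__main__":
    for family, verdict in audit(SAMPLE_V4, SAMPLE_V6, "ppp0").items():
        print(family, verdict)
```

On a real client, feed it the live output of `ip route` and `ip -6 route` and the tunnel interface name the VPN client created.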
