ForgetItNet
Contributor

Stop everything routing through VPN

Hi all,

We use the FortiClient SSL VPNs on users' laptops that work from home and this works well. However, we have a single user that uses a softphone program on her laptop to connect to a VoIP cloud platform (Gamma Horizon), but the VPN is causing a delay in this (it works fine without the VPN on). I know in older versions of Windows there was a tick box in the IPv4 settings on the NIC to not use the default gateway on the remote machine, which would then let the local internet (at the user's house) be the breakout point for everything that didn't need to go across the VPN, but that option is no longer there. Someone has said to set up split tunneling on the Fortinet router (100F), but is this the correct way to do this? I thought if it's having to hit the router to pick this up in the first place, then it kind of misses the point of the breakout being at the user's house.

Hope that makes sense, but if anyone can advise?

Thanks

1 Solution
johnathan
Staff

Split-tunneling is the correct way to solve this issue. It will do exactly as you say: only 'internal' traffic that needs to go over the VPN will be sent over the tunnel. Regular internet traffic like their VoIP software will go out their local internet connection. See this guide for instructions on how to set this up:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

"Never trust a computer you can't throw out a window."

ForgetItNet
Contributor

Perfect, many thanks.

I've gone to configure that but I'm getting:

 
  • Could not enable split tunneling, as policy 20 has "all".

Is this in the firewall policies? I can't see that they're numbered for me to find policy 20 (if that's what it means).

Also, although I don't have the "split tunnel" option as per the guide, I only have:

"Enabled Based on Policy Destination"

Which I'm thinking is the same thing?

Thanks

Richie_C

Make sure that you have the correct column settings to be able to see the policy number.


It seems that the destination of policy 20 is ALL. It should be a policy related to the SSLVPN. You need to make it more specific so that it only sends the required traffic over the SSL tunnel.

 

Take a backup before making any changes.
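
As an added example (not part of the original thread and not Fortinet's code), the backup mentioned above can be checked offline for the condition behind the "policy 20 has "all"" error: SSL VPN policies whose destination is `all`. It assumes a plain-text backup without VDOMs and that the SSL VPN interface is named `ssl.root`; the sample config and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in FortiGate backup syntax; names and subnets are made up.
SAMPLE_BACKUP = """\
config firewall policy
    edit 12
        set name "LAN-to-Internet"
        set srcintf "internal"
        set dstaddr "all"
    next
    edit 20
        set name "SSLVPN-to-LAN"
        set srcintf "ssl.root"
        set dstaddr "all"
    next
    edit 21
        set name "SSLVPN-to-Servers"
        set srcintf "ssl.root"
        set dstaddr "LAN_10.0.0.0/24"
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} from 'config firewall policy'."""
    policies, current, depth, in_fw = {}, None, 0, False
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:  # skip lines of multi-line quoted values (e.g. certificates)
            continue
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # a new top-level section starts here
                in_fw = tok[1:] == ["firewall", "policy"]
        elif tok[0] == "end":
            depth -= 1
        elif in_fw and depth == 1 and tok[0] == "edit":
            current = policies.setdefault(int(tok[1]), {})
        elif in_fw and depth == 1 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
    return policies

def blocking_policies(text, vpn_intf="ssl.root"):
    """IDs of policies sourced from the SSL VPN interface whose dstaddr is 'all'."""
    return sorted(pid for pid, p in parse_policies(text).items()
                  if vpn_intf in p.get("srcintf", []) and "all" in p.get("dstaddr", []))
```

On the constructed sample, `blocking_policies(SAMPLE_BACKUP)` reports policy 20 only: policy 12 also has destination `all` but is not sourced from the VPN interface, and policy 21 already has a specific destination.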
ForgetItNet

That's worked great, many thanks all.
