Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ForgetItNet
Contributor

Created on ‎05-07-2024 08:10 AM

Stop everything routing through VPN

Hi all,

We use the Fortclient SSL VPNs on users laptops that work from home and this works well however we have a single user that uses a softphone program on her laptop to connect to a voip cloud platform (gamma horizon) but the VPN is causing a delay in this (it works fine without the VPN on). I know in older versions of Windows there was a tick box in the IPV4 settings on the NIC to not use the default gateway on the remote machine which would then let the local internet (at the users house) be the breakout point for everything that wasn't needing to go across the VPN but that option is no longer there so someone has said to setup split tunneling on the Fortinet Router (100F) but is this the correct way to do this as i thought if it's having to hit the router to pick this up in the first place then it kind of misses the point of the breakout being at the users house ?

Hope that makes sense but if anyone can advise ?

Thanks

Labels:
2115
0 Kudos
1 Solution
johnathan
Staff
Staff

Created on ‎05-07-2024 08:19 AM

Split-tunneling is the correct way to solve this issue. It will do exactly as you say, only 'internal' traffic that needs to go over the VPN will be sent over the tunnel. Regular internet traffic like their VOIP software will go out their local internet connection. See this guide for instructions how to set this up:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

"Never trust a computer you can't throw out a window."

View solution in original post

2108
4 REPLIES 4
johnathan
Staff
Staff

Created on ‎05-07-2024 08:19 AM

Split-tunneling is the correct way to solve this issue. It will do exactly as you say, only 'internal' traffic that needs to go over the VPN will be sent over the tunnel. Regular internet traffic like their VOIP software will go out their local internet connection. See this guide for instructions how to set this up:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...

"Never trust a computer you can't throw out a window."
2109
ForgetItNet
Contributor

Created on ‎05-07-2024 08:48 AM Edited on ‎05-07-2024 08:56 AM

Perfect, many thanks.

I've gone to configure that but I'm getting:

 
  • Could not enable split tunneling, as policy 20 has "all".

Is this in the Firewall policies as I can't see that they're numbered for me to find policy 20 (if that's what it means) ?

Also although i don't have the "split tunnel" option as per the guide, i only have:

"Enabled Based on Policy Destination"

Which I'm thinking is the same thing ?

Thanks

2100
0 Kudos
Richie_C
Staff
Staff
In response to ForgetItNet

Created on ‎05-07-2024 09:15 AM

Make sure that you have the correct column settings to be able to see the policy number.

 

policy id.PNG

 

It seems that the destination of policy 20 is ALL. It should be a policy related to the SSLVPN. You need to make it more specific so that it only sends the required traffic over the SSL tunnel.

 

Take a backup before making any changes
2090
0 Kudos
ForgetItNet
Contributor
In response to Richie_C

Created on ‎05-08-2024 05:14 AM

That's worked great, many thanks all.

2015
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.