Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

WIFI and Split Tunneling



With OS5.2.2 it is possible to use Splittunneling on the WIFI interface, but can someone tell me how this is working. I thought that it is working the same as the SPlittunneling with the SSLVPN but it is not working.  I would like to configure an AP to tunnel traffic for the servers over the Wifi Tunnel, but internet traffic should go out via a local router. Is this possible !?




Contributor III



if both FGT as FAP are based on 5.2.x following:


       # config wireless-controller vap
# edit [Name of SSID Profil]
# set split-tunneling enable
# end
       # config wireless-controller wtp-profile
# set split-tunneling-acl-local-ap-subnet enable
# config split-tunneling-acl
# edit [Use a integer example "1"]
# set dest-ip [IPv4 address as subent mask exampel]
# end
# end

This should work...if you are using a FAP with integrated LAN interface like 28C you can bridge or whatever the interface to SSID like:

      # config wireless-controller wtp-profile
      # edit [Name des entsprechenden Profile]
      # config lan
      # set port-mode [offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
      # set port-ssid [Name der gewünschten SSID]
      # set port1-mode [offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
      # set port1-ssid [if bridge-to-ssid define SSID]
      # set port2-mode [offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
      # set port2-ssid [if bridge-to-ssid define SSID]
      # set port3-mode [[offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
      # set port3-ssid [if bridge-to-ssid define SSID]
      # set port4-mode [[offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
      # set port4-ssid [if bridge-to-ssid define SSID]
      # set port5-mode [offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
      # set port5-ssid [if bridge-to-ssid define SSID]
      # end
      # set dtls-policy [ dtls-enabled | clear-text]
      # end

Please note for the FAP-14C the ports can not be configured each other which means FAP-14C is using something like a HUB meaning the ports can not be set each other only the overall switch can be configured for one function.

have fun


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors