Hello,
With OS5.2.2 it is possible to use Splittunneling on the WIFI interface, but can someone tell me how this is working. I thought that it is working the same as the SPlittunneling with the SSLVPN but it is not working. I would like to configure an AP to tunnel traffic for the servers over the Wifi Tunnel, but internet traffic should go out via a local router. Is this possible !?
Regards,
Charl
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi
if both FGT as FAP are based on 5.2.x following:
# config wireless-controller vap
# edit [Name of SSID Profil]
# set split-tunneling enable
# end
# config wireless-controller wtp-profile
# set split-tunneling-acl-local-ap-subnet enable
# config split-tunneling-acl
# edit [Use a integer example "1"]
# set dest-ip [IPv4 address as subent mask exampel 192.168.10.0/24]
# end
# end
This should work...if you are using a FAP with integrated LAN interface like 28C you can bridge or whatever the interface to SSID like:
# config wireless-controller wtp-profile
# edit [Name des entsprechenden Profile]
# config lan
# set port-mode [offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
# set port-ssid [Name der gewünschten SSID]
# set port1-mode [offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
# set port1-ssid [if bridge-to-ssid define SSID]
# set port2-mode [offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
# set port2-ssid [if bridge-to-ssid define SSID]
# set port3-mode [[offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
# set port3-ssid [if bridge-to-ssid define SSID]
# set port4-mode [[offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
# set port4-ssid [if bridge-to-ssid define SSID]
# set port5-mode [offline | bridge-to-wan | bridge-to-ssid | nat-to-wan]
# set port5-ssid [if bridge-to-ssid define SSID]
# end
# set dtls-policy [ dtls-enabled | clear-text]
# end
Please note for the FAP-14C the ports can not be configured each other which means FAP-14C is using something like a HUB meaning the ports can not be set each other only the overall switch can be configured for one function.
have fun
Andrea
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.