Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dhwanil
New Contributor

Created on ‎04-13-2022 12:48 PM

adding aws server to a split tunnel

Hey Guys,

 

I am trying to add a web-server hosted on AWS to be accessed through the VPN.

Currently running a split tunnel and would like the webserver requests to be routed through the split tunnel, I added the public ip of the server to the active VPN portal also added the address to the SSL-VPN policy. but this does not seem to work, I feel like I am missing something but not so sure.

The webserver is accessbile and confirmed, this more for internal remote users to be able to access the server. Running a fortigate 60E.

 

Any help is much appreciated.

 

Labels:
2030
0 Kudos
7 REPLIES 7
tio3udes
New Contributor III

Created on ‎04-13-2022 01:34 PM

Hello @Dhwanil !

 

By your description everything seems to be fine and be it should be working. But, can you share you configuration?

 

The set up for this is simple. If  you add the IP of the server to the "Routing Address" field on the image below, the traffic to the server from devices connected to the vpn should pass through your firewall. Of course, if there's a policy allowing.

tio3udes_0-1649881921035.png

 

Let me know if this helped.

 

ti03udes
ti03udes
1977
0 Kudos
Dhwanil
New Contributor
In response to tio3udes

Created on ‎04-13-2022 02:50 PM

Thank you , yeah there, I appeneded the server ip address in the same exsisting policy that is present for the ssl vpn, is there any other policies that I should check. My configuration seems to be the same like the picture you posted. also tried to run traceroute to see if it what was the difference as I have a onpremise web server as well which is behind the tunnel, and does not seem to be able to get to the server at all. even my ssh to the server seems to be failing when I put the IP behind the tunnel, so I am guessing I am missing something somewhere.

1972
0 Kudos
Dhwanil
New Contributor
In response to tio3udes

Created on ‎04-13-2022 02:57 PM

Also do you think I need to make anymore changes to the firewall to be able to access that, as I suspect, I would not require anymore than VPN policy to be modified as internal network devices can access the server anyway.

1971
0 Kudos
Dhwanil
New Contributor

Created on ‎04-13-2022 03:53 PM

I got it to work, there was a firewall configuration blocking my way from the policies. I appreciate you taking time out to reply.

 

1965
0 Kudos
Timur1
New Contributor II
In response to Dhwanil

Created on ‎09-26-2023 01:23 AM

Hi Dhwanil, i am facing the same issue. Can you pls let me know which firewall config was blocking the way from the policy?

1098
0 Kudos
tio3udes
New Contributor III

Created on ‎04-14-2022 04:42 AM

Glad it's working!

ti03udes
ti03udes
1957
0 Kudos
xshkurti
Staff
Staff

Created on ‎09-26-2023 01:29 AM

@Timur1 
Follow this link and execute debug flow commands to check which policy is blocking your traffic:
Debugging the packet flow | FortiGate / FortiOS 7.4.1 | Fortinet Document Library
Executing debug flow commands, you will find matching policy and try to edit that one.

1095
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.