A no-split-tunnel VPN shouldn't break local LAN device access. Just the default route goes into the tunnel. If the remote user's PC is 192.168.1.10/24, he/she should be able to reach a printer with 192.168.1.100 regardless of whether the tunnel is up or not. Did you check the routing table on the PC when the tunnel is up?
No. The routing table is normal, but you should still be able to reach IPs in the connected subnet. Otherwise you can't even reach the GW device 192.168.4.100 for the tunnel to work. The default routes are used only when more specific routes don't exist in the table. Something else seems to be wrong if you can't ping the local devices. I would suggest running Wireshark to see whether the ping packets leave the PC or not.
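The route selection described in the reply above (a connected /24 wins over the tunnel's default route), as an added example that is not part of the original posts. The interface names, metrics, the 203.0.113.5 test address and the "broken" table are constructed for illustration; the check at the end flags tunnel routes that would pull local-subnet traffic off the LAN.

```python
import ipaddress

def lookup(routes, dst):
    """Pick the route for dst: longest prefix wins, lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r["dest"])]
    if not matches:
        return None
    return max(matches,
               key=lambda r: (ipaddress.ip_network(r["dest"]).prefixlen, -r["metric"]))

def egress(routes, dst):
    """Interface the packet to dst would leave on, or None if unroutable."""
    route = lookup(routes, dst)
    return route["iface"] if route else None

def hijacked_local(routes, local_net, local_iface="lan"):
    """Routes inside local_net that actually win and send traffic elsewhere."""
    net = ipaddress.ip_network(local_net)
    found = []
    for r in routes:
        dest = ipaddress.ip_network(r["dest"])
        if (r["iface"] != local_iface and dest.subnet_of(net)
                and egress(routes, str(dest.network_address)) != local_iface):
            found.append(r["dest"])
    return found

# Constructed table: PC 192.168.1.10/24, full (no split) tunnel up.
FULL_TUNNEL = [
    {"dest": "0.0.0.0/0",      "iface": "vpn", "metric": 1},   # tunnel default
    {"dest": "0.0.0.0/0",      "iface": "lan", "metric": 25},  # original default
    {"dest": "192.168.1.0/24", "iface": "lan", "metric": 25},  # connected subnet
]

# Constructed failure case: more specific tunnel routes cover the LAN.
BROKEN = FULL_TUNNEL + [
    {"dest": "192.168.1.0/25",   "iface": "vpn", "metric": 1},
    {"dest": "192.168.1.128/25", "iface": "vpn", "metric": 1},
]

if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("broken", BROKEN)):
        print(name,
              "| printer via", egress(table, "192.168.1.100"),
              "| internet via", egress(table, "203.0.113.5"),
              "| hijacked:", hijacked_local(table, "192.168.1.0/24"))
```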
With some help from Fortinet support, this problem is solved.
Configure the IP tunnel without split on your FortiGate.
Connect your FortiClient and test if the connection works.
Back up your config in FortiClient and edit the backup file.
In the <ipsecvpn> section after </options> add these XML tags so it would with the XML file structure:
Hi, thank you. But I backed up the file and searched for the strings you wrote. I can't find them. The only thing I can find is the VPN config section like this:
edit "vpn1"
    set type dynamic
    set interface "wan1"
    set xauthtype auto
    set mode aggressive
    set mode-cfg enable
    set proposal 3des-sha1 aes128-sha1
    set authusrgrp "Wizard_users"
    set ipv4-start-ip 192.168.50.10
    set ipv4-end-ip 192.168.50.40
    set ipv4-netmask 255.255.255.0
    set dns-mode auto
    set ipv4-split-include „**********“
    set psksecret ENC ****************