Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tsug
New Contributor

Created on ‎08-18-2023 04:53 AM

"Adding Route in Windows After Connection via Forticlient to Portal with Enabled Split"

We are facing an issue when connecting to Forticlient on specific machines, whether they are outside the domain or within the domain.

The SSL tunnel has split tunneling enabled for 3 networks:

  • 10.1.0.0/16
  • 10.10.0.0/16
  • 10.20.0.0/16

After connecting to the client, the addition of the 3 routes is correctly directed to the SSL VPN gateway. However, after a few seconds, another route is added for the 10.1.0.0/24 network, directing it to the client's home router gateway.

As a result, traffic is being sent to the local client's router instead of going through the firewall.

I conducted some tests and verified that the VPN configuration has the IP 10.1.0.2 as the DNS, and in the portal, it's set as DNS 0.0.0.0/0.

When I change the DNS Set in the portal specifically to a public DNS, the 3 default routes are inserted in the Windows route print, and I don't encounter route addition problems later on.

Upon changing the set dns-server1 from 8.8.8.8 to 10.1.0.2 in the portal, the issue of adding a route to the local client's router gateway resurfaces.

Regards,
Tsug.
Regards,Tsug.
Labels:
2885
0 Kudos
4 REPLIES 4
vsahu
Staff
Staff

Created on ‎08-18-2023 05:14 AM

Hello Tsug,

 

Can you share the route print and ipconfig /all details? from both scenarios, also the DNS configuration where you're changing it can you share the snapshot of the same?

Regards,
Vishal
2877
Tsug
New Contributor
In response to vsahu

Created on ‎08-18-2023 05:47 AM Edited on ‎08-22-2023 05:28 AM

-

Regards,
Tsug.
Regards,Tsug.
2863
0 Kudos
vsahu
Staff
Staff
In response to Tsug

Created on ‎08-23-2023 05:27 AM

Tsug,


I believe the output has been removed, Is it possible for you to attach the output again?  route print and ipconfig /all with and without VPN with DNS 10.1.0.2 and without DNS 10.1.0.2

Regards,
Vishal
2773
0 Kudos
djp
New Contributor

Created on ‎11-06-2023 01:19 PM

Looks like a Dell issue, fix here:


"To address this issue, uninstall Dell Optimizer or at least disable ExpressConnect:"

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Extra-route-in-Windows-routing-table-when/...

2544
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.