lkorbasiewicz_FTNT
Article Id 198757

Description

 

This article describes how routes are populated in FortiClient SSL VPN Tunnel Mode. Understanding this helps avoid configuration issues where some networks cannot be accessed due to missing routes.
 
Scope
 
FortiClient.


Solution

 

In v5.0 and earlier, routes are populated based on destinations included in the SSL VPN auth policy (with action SSL VPN) and are not based on tunnel access policies (with ssl.root interface).

[Protected networks] --- [FortiGate] --- <SSL VPN TUNNEL MODE> --- [FortiClient]

Add all accessed (protected) networks to the auth policy as destinations; only these destinations are populated in the SSL VPN client's routing table when split tunneling is enabled.

From v5.2 onwards, the 'Routing Address' can be explicitly defined on the VPN -> SSL -> Portals page.
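To confirm from the client side which protected networks did not receive a split-tunnel route, the following added example (not part of the original article or any Fortinet tool) parses Windows `route print -4` output and lists the networks that have no route on the tunnel interface. The sample routing table, the tunnel address 10.212.134.200 and the protected networks are constructed for illustration.

```python
import ipaddress

# Constructed sample: IPv4 rows of `route print -4` on a split-tunnel client.
# 10.212.134.200 is the assumed address assigned to the SSL VPN adapter.
SAMPLE_ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
        10.10.0.0      255.255.0.0   10.212.134.201  10.212.134.200      1
   10.212.134.200  255.255.255.255          On-link  10.212.134.200    257
      172.16.20.0    255.255.255.0   10.212.134.201  10.212.134.200      1
      192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
"""


def parse_routes(text):
    """Yield (network, interface_ip) for every IPv4 route row in the text."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header or unrelated line
        dest, mask, _gateway, iface, _metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            yield net, ipaddress.ip_address(iface)
        except ValueError:
            continue  # five tokens, but not a route row


def missing_routes(text, tunnel_ip, protected):
    """Return protected CIDRs not fully covered by a route on the tunnel."""
    tunnel_ip = ipaddress.ip_address(tunnel_ip)
    vpn_nets = [net for net, iface in parse_routes(text) if iface == tunnel_ip]
    missing = []
    for cidr in protected:
        want = ipaddress.ip_network(cidr)
        # Covered only if one tunnel route contains the whole network.
        if not any(want.subnet_of(net) for net in vpn_nets):
            missing.append(cidr)
    return missing


if __name__ == "__main__":
    protected = ["10.10.5.0/24", "172.16.20.0/24", "192.168.100.0/24"]
    for cidr in missing_routes(SAMPLE_ROUTE_PRINT, "10.212.134.200", protected):
        print(f"no tunnel route for {cidr}: check policy destinations / Routing Address")
```

Any network it reports should be checked against the auth policy destinations (v5.0 and earlier) or the portal's 'Routing Address' (v5.2 onwards).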