lkorbasiewicz_FTNT
Staff
Created on
02-23-2015
08:05 AM
Edited on
12-30-2024
10:48 PM
By
Anthony_E
Article Id
198757
Description
This article describes how routes are populated in FortiClient SSL VPN Tunnel Mode is useful in order to avoid configuration issues where some networks cannot be accessed due to missing routes.
Scope
FortiClient.
Solution
In v5.0 and earlier, routes are populated based on destinations included in the SSL VPN auth policy (with action SSL VPN) and are not based on tunnel access policies (with ssl.root interface).
[Protected networks] --- [FortiGate] --- <SSL VPN TUNNEL MODE> --- [FortiClient]
[Protected networks] --- [FortiGate] --- <SSL VPN TUNNEL MODE> --- [FortiClient]
Add all accessed (protected) networks to auth policy as a destination; only these destinations will be populated to the SSL VPN client routing table when split-tunneling is enabled.
From v5.2 onwards where on the VPN -> SSL -> Portals page the 'Routing Address' can be explicitly defined as shown below:
From v5.2 onwards where on the VPN -> SSL -> Portals page the 'Routing Address' can be explicitly defined as shown below: