When connecting via VPN the computer loses all internet access. I have tried with and without split tunnelling and nothing works.
Model: FortiGate 60D
Firmware: 5.2.3
Anything I need to look at in regards to debugs/config? Do I need split tunneling?
I've had a look at other threads and come across this comment:
'My firewall policy with the SSL-VPN set as action was this:
wan1 > internal all - all - always - any -SSL VPN
The destination must be a specific subnet(s) in order to do split tunneling. Once I changed my destination on that policy to the appropriate internal subnets, split tunneling worked just fine once I was able to enable it.'
If you enable split-tunnelling in the settings for the SSLVPN web portal, once you try to define a firewall policy for the connection afterwards, I think you will be prohibited from leaving the destination address zeroed. It is not a valid split-tunnelling address. So you could do either-or: leave the web portal and policy destination wide open and split-tunnelling disabled (but then create an ssl.<vdom> to WAN policy to allow Internet access), or else enable split-tunnelling in the Tunnel Mode widget in the SSLVPN web portal, choose a local address range, and make the destination in the policy the same address range.
The tricky part comes in if tunnel-mode users also want to use the web portal for proxied browsing to Internet sites. In that case, the only way I can find to make the scenario work is to create two portals: one Tunnel Mode (split tunnelling) and one Web Only. For the browsing web-only mode connection, you would need a second user account (and/or user group) to authenticate to it, since portal selection is based on authenticated identity. Once in that portal, you could not bring up a split-tunnelling Tunnel Mode connection, but you could browse via the portal proxy. And vice versa, for a tunnel connection, authenticate as the user for the Tunnel Mode portal.
With IPsec, it depends who the client will be for the connection. With FortiClient or a known OS (iOS, Windows, etc.), the wizard takes care of the options, and provides a drop-down field to choose split addresses.
Otherwise, the manual route will take you into the CLI:
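Returning to the SSL VPN either-or described in the reply, the following is an added example (not code from the thread or from Fortinet) that checks a FortiOS-style configuration excerpt for the two mismatches it names: split tunnelling enabled with a policy destination of "all", and full tunnel with no ssl.<vdom> to WAN policy. The sample configuration is constructed, and the interface names `ssl.root` and `wan1`, the portal name, and the flat-block parser are assumptions for illustration.

```python
import re

# Constructed FortiOS-style sample (not from the thread): split tunnelling on,
# but the SSL VPN policy destination is still "all".
SAMPLE = '''
config vpn ssl web portal
    edit "tunnel-access"
        set split-tunneling enable
    next
end
config firewall policy
    edit 1
        set srcintf "ssl.root"
        set dstintf "internal"
        set dstaddr "all"
    next
end
'''

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    out, section, entry = {}, None, None
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if not words:
            continue
        if words[0] == "config":
            section = out.setdefault(" ".join(words[1:]), {})
        elif words[0] == "edit" and section is not None:
            entry = section.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            entry = None
    return out

def audit(text, ssl_if="ssl.root", wan_if="wan1"):
    """Flag the two policy/portal mismatches described in the reply."""
    cfg = parse(text)
    split = any(p.get("split-tunneling") == ["enable"]
                for p in cfg.get("vpn ssl web portal", {}).values())
    policies = {pid: p for pid, p in cfg.get("firewall policy", {}).items()
                if ssl_if in p.get("srcintf", [])}
    if split:  # destination must be the specific split subnet(s), never "all"
        return [f"policy {pid}: dstaddr 'all' with split tunnelling enabled"
                for pid, p in policies.items() if "all" in p.get("dstaddr", [])]
    if not any(wan_if in p.get("dstintf", []) for p in policies.values()):
        return [f"no {ssl_if} -> {wan_if} policy: full-tunnel clients lose Internet"]
    return []
```

The parser handles only flat `config`/`edit`/`set` blocks, so nested sub-sections inside a portal entry would need to be stripped from an excerpt before running `audit()` on it.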