SSL VPN split tunneling issue - how to enable split tunneling only for a few subnets?
I would like to create a simple configuration for remote SSL VPN:
I want the remote user to use split tunneling only for a few subnets (let's say youtube, office365, teams etc.) and the rest of the traffic should go into the corporate network (through the tunnel).
Actually, I am not able to achieve this goal.
The opposite configuration is straightforward (i.e. the whole remote user's traffic breaks out locally and only a few networks go into the tunnel).
Unfortunately, this is not what I need ...
I tried to use a "DENY" rule to exclude particular subnets from being tunneled and allow all the rest. But it didn't seem to work properly.
At the moment in our network we don't use split tunneling at all.
My idea is to only enable it for specific subnets in the Internet (to take some load off the corporate backbone) and have the rest of the traffic (Internet traffic included) inspected by the corporate Fortigate.
Please let me know if you have any ideas how to address it.
config vpn ssl web portal
    edit "<portal-name>"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-negate enable
        set split-tunneling-routing-address "Split-Group-Not-to-Use"
    next
end
The command is only available in FortiOS 6.4
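On a release without split-tunneling-routing-negate, the same split can be approximated by computing the complement of the bypass subnets and using that as the ordinary split-tunneling-routing-address list. The script below is an added example, not part of the thread; the subnets are constructed documentation ranges and the address object names it prints are hypothetical.

```python
import ipaddress

# Constructed sample: subnets that should break out locally (bypass the tunnel).
BYPASS = ["203.0.113.0/24", "198.51.100.0/25"]

def tunnel_prefixes(excluded, universe="0.0.0.0/0"):
    """Minimal prefix list covering `universe` minus every subnet in `excluded`."""
    remaining = [ipaddress.ip_network(universe)]
    for raw in excluded:
        ex = ipaddress.ip_network(raw)
        kept = []
        for net in remaining:
            if net.subnet_of(ex):
                continue                      # block is entirely bypassed
            if ex.subnet_of(net):
                kept.extend(net.address_exclude(ex))  # carve the hole out
            else:
                kept.append(net)              # unrelated block, keep as is
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def goes_through_tunnel(dest, prefixes):
    """True if the client would route `dest` into the SSL VPN tunnel."""
    addr = ipaddress.ip_address(dest)
    return any(addr in p for p in prefixes)

def render_address_objects(prefixes, name_prefix="tun-"):
    """Emit firewall address objects; the tun-N names are hypothetical."""
    lines = ["config firewall address"]
    for i, p in enumerate(prefixes):
        lines += [f'    edit "{name_prefix}{i}"',
                  f"        set subnet {p.network_address} {p.netmask}",
                  "    next"]
    lines.append("end")
    return "\n".join(lines)

if __name__ == "__main__":
    prefixes = tunnel_prefixes(BYPASS)
    print(render_address_objects(prefixes))
    # Sanity check before pushing: bypassed hosts stay local, all else is inspected.
    for host in ("203.0.113.10", "198.51.100.200", "8.8.8.8"):
        print(host, "tunnel" if goes_through_tunnel(host, prefixes) else "local")
```

The complement of even two subnets expands to dozens of prefixes, which is why the negate option is the cleaner choice where it is available.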