thank you for clarifying the scenario, I was a bit confused by your initial description.
In this case, the solution is fairly simple, assuming that service has a static IP (or IP range)
-> add the public IP (range) for this service to the split-tunneling destinations of your VPN
-> create a policy from SSLVPN interface to WAN, and destination the service's IP (range); enable NAT
It should go something like this then: - a VPN user tries to access the URL
- their host will look up the IP
- the host will check routing table and find a specific route to the IP via VPN
-> traffic goes into VPN tunnel
- on FortiGate, traffic should match the policy from VPN to WAN
- the request should go out the FGT WAN interface with the FGT public IP
If the service doesn't have a static IP or range, it may not be possible; FQDNs can't be added to VPN split-tunneling at the moment, so you would have to disable split-tunneling or try to figure out a workaround to force the traffic via VPN tunnel when we can't provide a simple static route via VPN.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.