Dhwanil
New Contributor

adding aws server to a split tunnel

Hey Guys,

I am trying to add a web-server hosted on AWS to be accessed through the VPN.

Currently running a split tunnel and would like the webserver requests to be routed through the split tunnel. I added the public IP of the server to the active VPN portal and also added the address to the SSL-VPN policy, but this does not seem to work. I feel like I am missing something but am not so sure.

The webserver is accessible and confirmed; this is more for internal remote users to be able to access the server. Running a FortiGate 60E.

Any help is much appreciated.

tio3udes
New Contributor III

Hello @Dhwanil!

By your description everything seems to be fine and it should be working. But can you share your configuration?

The setup for this is simple. If you add the IP of the server to the "Routing Address" field in the image below, the traffic to the server from devices connected to the VPN should pass through your firewall. Of course, if there's a policy allowing it.

tio3udes_0-1649881921035.png

Let me know if this helped.

ti03udes
Dhwanil

Thank you, yeah there, I appended the server IP address in the same existing policy that is present for the SSL VPN. Are there any other policies that I should check? My configuration seems to be the same as the picture you posted. I also tried to run traceroute to see what the difference was, as I have an on-premise web server as well which is behind the tunnel, and it does not seem to be able to get to the server at all. Even my SSH to the server seems to be failing when I put the IP behind the tunnel, so I am guessing I am missing something somewhere.

Dhwanil

Also, do you think I need to make any more changes to the firewall to be able to access that? As I suspect, I would not require any more than the VPN policy to be modified, as internal network devices can access the server anyway.

Dhwanil
New Contributor

I got it to work, there was a firewall configuration blocking my way from the policies. I appreciate you taking time out to reply.

Timur1
New Contributor

Hi Dhwanil, I am facing the same issue. Can you please let me know which firewall config was blocking the way from the policy?

tio3udes
New Contributor III

Glad it's working!

ti03udes
xshkurti
Staff

@Timur1
Follow this link and execute debug flow commands to check which policy is blocking your traffic:
Debugging the packet flow | FortiGate / FortiOS 7.4.1 | Fortinet Document Library
By executing debug flow commands, you will find the matching policy; try to edit that one.
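
Once a debug flow trace has been captured, its verdict lines name the policy that handled each packet. The following is an added example, not part of the reply above or of Fortinet's documentation: a Python parser that groups trace lines by `trace_id` and reports the verdict per packet. The trace lines are constructed samples modelled on the debug flow output format; the addresses, interface names and policy IDs are assumptions.

```python
import re

# Constructed sample: lines shaped like FortiOS debug flow trace output.
# Addresses, interface names and policy IDs are made up for illustration.
SAMPLE_TRACE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5428 msg="vd-root:0 received a packet(proto=6, 10.212.134.200:50312->203.0.113.10:443) from ssl.root. flag [S], seq 1, ack 0, win 64240"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2584 msg="find a route: flag=04000000 gw-198.51.100.1 via wan1"
id=20085 trace_id=1 func=fw_forward_handler line=640 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5428 msg="vd-root:0 received a packet(proto=6, 10.212.134.200:50313->192.168.1.20:443) from ssl.root. flag [S], seq 1, ack 0, win 64240"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2584 msg="find a route: flag=04000000 gw-192.168.1.20 via internal"
id=20085 trace_id=2 func=fw_forward_handler line=796 msg="Allowed by Policy-5:"
"""

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"\s*$')
PACKET = re.compile(r"received a packet\(proto=(\d+), (\S+)->(\S+)\) from (\S+)\.(?:\s|$)")
ROUTE = re.compile(r"find a route:.* via (\S+)")
DENY = re.compile(r"Denied by (.+?) \(policy (\d+)\)")
ALLOW = re.compile(r"Allowed by Policy-(\d+)")


def summarize(trace):
    """Group trace lines by trace_id and return one verdict dict per packet."""
    flows = {}
    for raw in trace.splitlines():
        line = LINE.search(raw)
        if not line:
            continue  # skip prompts, blank lines and anything unparsed
        flow = flows.setdefault(int(line.group(1)),
                                {"verdict": "no verdict seen", "policy": None})
        msg = line.group(2)
        if m := PACKET.search(msg):
            flow.update(proto=int(m.group(1)), src=m.group(2),
                        dst=m.group(3), in_if=m.group(4))
        elif m := ROUTE.search(msg):
            flow["out_if"] = m.group(1)
        elif m := DENY.search(msg):
            # Policy 0 is the implicit deny: no configured policy matched.
            flow.update(verdict="deny", reason=m.group(1), policy=int(m.group(2)))
        elif m := ALLOW.search(msg):
            flow.update(verdict="allow", policy=int(m.group(1)))
    return flows


if __name__ == "__main__":
    for tid, f in summarize(SAMPLE_TRACE).items():
        print(f"trace {tid}: {f.get('src')} -> {f.get('dst')} "
              f"{f.get('in_if')}->{f.get('out_if')}: {f['verdict']} (policy {f['policy']})")
```

A deny on policy 0 together with the incoming and outgoing interfaces shows which interface pair lacks a matching allow policy for that destination.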
