We have an externally hosted webserver for which we want to limit access to certain services (ports) to a limited set of IP addresses. One of them is our office's WAN range. While working at the office this won't pose any problems.
The issue is when a user works from home we want them to be able to start the FortiClient which will set-up an SSL-VPN tunnel to the office-LAN and configure it in such a way that it intercepts traffic to server A (which is outside of our LAN) and sends it over the SSL-VPN tunnel. That way the external webserver thinks the traffic is coming from our company's WAN address and the protected services will be accessible.
The SSL-VPN is set up in split tunneling mode and when I add the external webserver the user's local route-table is updated with an additional route that sends the traffic to the ssl-vpn interface. But the traffic is not routable (tracert fails).
Anyone knows (1) whether this is possible and (2) how to do it?