Fortigate SSL-VPN Split Tunneling question

Asked by J Z (Belgium)
Topics: Fortigate, VPN

We have an externally hosted webserver for which we want to limit access to certain services (ports) to a limited set of IP addresses. One of them is our office's WAN range. While working at the office this won't pose any problems.

The issue is when a user works from home: we want them to be able to start the FortiClient, which will set up an SSL-VPN tunnel to the office LAN, and configure it in such a way that it intercepts traffic to server A (which is outside of our LAN) and sends it over the SSL-VPN tunnel. That way the external webserver thinks the traffic is coming from our company's WAN address and the protected services will be accessible.

The SSL-VPN is set up in split tunneling mode, and when I add the external webserver, the user's local route table is updated with an additional route that sends the traffic to the SSL-VPN interface. But the traffic is not routable (tracert fails).

Does anyone know (1) whether this is possible and (2) how to do it?
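The design described in the question, written out as FortiOS CLI. This is an added example, not part of the original post or of any answer on this page. The server address 203.0.113.10, the interface `wan1`, the group `vpn-users`, the portal `full-access`, the pool object `SSLVPN_TUNNEL_ADDR1` and the HTTPS service are assumptions standing in for the real values. A FortiGate only forwards tunnel traffic that matches a firewall policy from the SSL-VPN interface to the egress interface, and source NAT on that policy is what makes the traffic leave with the office WAN address.

```fortios
# Added example; all names and addresses below are placeholders.

# 1. Address object for the externally hosted server A (placeholder IP).
config firewall address
    edit "ServerA"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# 2. Split tunneling: only destinations listed here are routed into the
#    tunnel by FortiClient; everything else stays on the home connection.
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "ServerA"
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end

# 3. Policy from the SSL-VPN interface to the WAN interface. Scope it to
#    server A and to the protected service only (least privilege), and
#    enable NAT so the server sees the office WAN address as the source.
config firewall policy
    edit 0
        set name "sslvpn-to-serverA"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "ServerA"
        set groups "vpn-users"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
        set logtraffic all
    next
end
```

With `set service` restricted like this, ICMP and UDP probes are not covered by the policy, so reachability is better confirmed with the protected service itself and the policy's traffic log.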

Garry Glendown
Consulting and Network/Security Specialist
