technician
New Contributor

Does VPN recognize PBR

Hi, our internet firewall is a FortiGate 100D. We were required to use third-party VPN software like ExpressVPN, Astrill VPN, HMA VPN, etc., mainly because we need to access some China-based websites, which is much faster going through VPN.

But the problem is that every time we connect through VPN, our public IP changes, and this VPN public IP is not recognized by the China-based website, mainly because they have set a filter for security purposes. To solve this temporarily, besides connecting to the VPN, we added a "route add" on our Windows 7 computers. This is to ensure that when the VPN is connected, traffic going to the specific China-based websites will not route through the VPN, but will instead route through our local ISP so that it is recognized by the China-based website. Other than the China-based websites, all other traffic routes through the VPN connection.

Is there a way to do this via FortiGate?

Thanks

Jeff
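
Why the "route add" workaround in the post above keeps one destination off the VPN, shown as an added example that is not part of the original post: the IP stack picks the most specific matching route, so a host route beats the VPN's broader routes. All addresses, metrics and the VPN's use of two /1 override routes are assumptions constructed for illustration.

```python
import ipaddress

# Constructed Windows-style route table with a full-tunnel VPN connected.
# Every address is a private or documentation range, not taken from the post.
# Assumption: the VPN client overrides the default route with two /1 routes.
ROUTES = [
    # (prefix, gateway, interface, metric)
    ("0.0.0.0/0",       "192.168.1.1", "LAN", 25),  # original ISP default route
    ("0.0.0.0/1",       "10.8.0.1",    "VPN", 1),   # VPN override, lower half
    ("128.0.0.0/1",     "10.8.0.1",    "VPN", 1),   # VPN override, upper half
    ("192.168.1.0/24",  "on-link",     "LAN", 25),  # local subnet
    ("203.0.113.10/32", "192.168.1.1", "LAN", 1),   # host route from "route add"
]


def select_route(dst, routes=ROUTES):
    """Pick the route the way an IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, gateway, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append({"prefix": prefix, "gateway": gateway,
                            "interface": iface, "metric": metric,
                            "prefixlen": net.prefixlen})
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: (r["prefixlen"], -r["metric"]))


def without_host_routes(routes=ROUTES):
    """Same table with every /32 exception removed (the state before "route add")."""
    return [r for r in routes if not r[0].endswith("/32")]


if __name__ == "__main__":
    for dst in ("203.0.113.10", "198.51.100.7", "8.8.8.8", "192.168.1.50"):
        r = select_route(dst)
        print(f"{dst:15} -> {r['interface']} via {r['gateway']} ({r['prefix']})")
    # Without the exception the same site leaves through the VPN exit address.
    print(select_route("203.0.113.10", without_host_routes())["interface"])
```

Each /32 entry in a client's table is a destination that leaves outside the tunnel, which is the thing to look for when auditing split routing on endpoints.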

Alby23
Contributor II

Sorry, bad reply.

MikePruett
Valued Contributor

You can (I have done it) deploy software-based VPNs like OpenVPN on the inside of the network and then use policy-based routes to send the interesting traffic to the tunnel.

It is cumbersome, and I much prefer just using the built-in IPsec configuration of the Gate, but you can definitely do it.

Mike Pruett Fortinet GURU | Fortinet Training Videos
technician

OK, but where do I point the destination? The gateway IP of the VPN? It also brings up my second problem: whenever they successfully connect to the VPN, any policy is bypassed, thus giving them access to all restricted sites like social, video streaming, etc.

Thanks

Jeff

MikePruett

Is this for SSL VPN, site-to-site IPsec, etc.?

For SSL VPN you will need to turn off split tunneling so all traffic is forced through the VPN. This enables you to truly control what the endpoint is able to access in the same manner as if they are on site.

Mike Pruett Fortinet GURU | Fortinet Training Videos