FortiAP / FortiWifi split tunneling configuration not possible

Author
ivan.bermejo@es.logicalis.com
2017/08/18 11:26:24 (permalink)

FortiAP / FortiWifi split tunneling configuration not possible

Hi all,
 
We are trying to use the split tunneling configuration for FortiAPs in VLANs not directly connected to the FortiGate. These APs are configured in a tunnel configuration (captive portal required), but it would be interesting to split the traffic, as said in the 5.6 configuration guide, to avoid loading the FortiGate with unnecessary traffic to the Internet. But... there seems to be no way to do so, since the networks to avoid the tunnel (being directly routed through the AP) must be declared either in the FortiAP Profile or the AP, and it is not possible to do so for all Internet addresses.
 
So the question is: is it possible to declare which networks should be tunneled to the FortiGate, instead of the ones locally routed from the AP? Is there a possible configuration for routing all Internet traffic locally but tunneling some IP networks/ranges to the FortiGate?
 
Best regards
Ivan
#1


    =sergey=
    Re: FortiAP / FortiWifi split tunneling configuration not possible 2017/12/06 16:53:20 (permalink)
    ivan.bermejo@es.logicalis.com
    So the question is: is it possible to declare which networks should be tunneled to the FortiGate, instead of the ones locally routed from the AP? Is there a possible configuration for routing all Internet traffic locally but tunneling some IP networks/ranges to the FortiGate?

     
    Check this out https://forum.fortinet.com/tm.aspx?m=154038
    #2
    wanglei_FTNT
    Re: FortiAP / FortiWifi split tunneling configuration not possible 2017/12/06 16:57:13 (permalink)
    Please post your complete config and we will check it out and get back to you. 
     
    Thanks,
     
    Lei
    #3
    =sergey=
    Re: FortiAP / FortiWifi split tunneling configuration not possible 2017/12/07 04:08:26 (permalink)
    wanglei@fortinet.com
    Please post your complete config and we will check it out and get back to you. 
     Thanks,
     Lei



    Replied here https://forum.fortinet.com/tm.aspx?m=154038
    #4
    Sumanth_FTNT
    Re: FortiAP / FortiWifi split tunneling configuration not possible 2017/12/13 16:48:09 (permalink)
    Yes, it's supported on the latest 5.6.3 builds. As per what I understand, the Tunnel ACL can be done in two ways:
     
    set split-tunneling-acl-path ?
    tunnel Split tunneling ACL list traffic will be tunnel.
    local Split tunneling ACL list traffic will be local NATed.
    #5
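
The two `split-tunneling-acl-path` values quoted in the last reply, modelled as an added example (not part of the thread and not Fortinet code) so an ACL can be checked before it is applied. It assumes that traffic not matching the ACL takes the opposite path; the function names, networks and destinations are constructed for illustration.

```python
import ipaddress

PATHS = ("tunnel", "local")

def forwarding_path(dest_ip, acl_networks, acl_path):
    """Return 'tunnel' or 'local' for one client destination.

    acl_path mirrors the two values shown for split-tunneling-acl-path:
      'tunnel' -> destinations on the ACL are tunneled to the FortiGate
      'local'  -> destinations on the ACL are NATed locally at the AP
    Assumption: anything not on the ACL takes the opposite path.
    """
    if acl_path not in PATHS:
        raise ValueError(f"acl_path must be one of {PATHS}")
    dest = ipaddress.ip_address(dest_ip)
    on_acl = any(dest in ipaddress.ip_network(net) for net in acl_networks)
    opposite = "local" if acl_path == "tunnel" else "tunnel"
    return acl_path if on_acl else opposite

def plan(destinations, acl_networks, acl_path):
    """Map each destination to the path it would take."""
    return {d: forwarding_path(d, acl_networks, acl_path) for d in destinations}

def leaves_at_ap(destinations, acl_networks, acl_path):
    """Destinations that exit at the AP and so never reach the FortiGate."""
    routed = plan(destinations, acl_networks, acl_path)
    return [d for d, path in routed.items() if path == "local"]

# Constructed sample data: internal ranges and a mix of destinations.
INTERNAL_NETS = ["10.0.0.0/8", "192.168.50.0/24"]
SAMPLE_DESTS = ["10.20.30.40", "192.168.50.7", "8.8.8.8", "203.0.113.10"]

if __name__ == "__main__":
    for mode in PATHS:
        print(f"acl-path={mode}")
        for dest, path in plan(SAMPLE_DESTS, INTERNAL_NETS, mode).items():
            print(f"  {dest:<15} -> {path}")
```

With the ACL listing only the internal ranges, the `tunnel` mode gives the behaviour asked for in the first post: Internet destinations exit at the AP and only the listed networks load the FortiGate.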