L2TP on FortiGate 5.6 with Split Tunneling

capricorn80
2018/09/20 06:50:01

Hi!
 
I configured my L2TP using the link below and it's working fine.
https://cookbook.fortinet.com/ipsec-vpn-windows-phone-10-54/
It created two rules automatically. One with traffic going to internal, and strangely it has NAT enabled in this case.
The second rule it created is for L2TP interfaces to the Internet, without NAT and only L2TP. Maybe it's some default thing, but I changed it to enable NAT, and I think I also changed its service from L2TP to all, and I can browse, but I want that traffic to go direct rather than via the firewall.
So kind of like split tunneling for SSL VPN. How can I achieve that?
 
Thanks
 
#1


    bombadil
    Re: L2TP on FortiGate 5.6 with Split Tunneling 2019/01/16 07:45:55
    Same problem.
    I thank those who can give us a tip.
    This is my route table while L2TP is up (10.100.20.2):
     
    0.0.0.0          0.0.0.0    192.168.0.254    192.168.0.103   4250
    0.0.0.0          0.0.0.0         On-link            10.100.20.2     26
     
    I have a rule to permit the L2TP network to WAN, without solution :(
    #2
    dmilagros_FTNT
    Re: L2TP on FortiGate 5.6 with Split Tunneling 2019/07/23 14:14:45
    Hey guys, to get the split tunneling feature there is no way to configure it from the FortiGate side like on VPN SSL. The way to get it is directly on the Windows client. You have to go to the VPN connection adapter in Control Panel\Network and Internet\Network Connections\VPN_name > Right Click > Properties > Networking > Internet Protocol Version 4 (TCP/IPv4) > Properties > Advanced... > Uncheck "Use default gateway on remote network".
     
    Hope this is helpful!!!
    #3
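The client-side change described in post #3 can also be made and checked from PowerShell with the built-in VpnClient cmdlets. This is an added example, not part of any post in the thread; `$InternalPrefix` is an assumed placeholder for the network behind the FortiGate, and `VPN_name` is the connection name as written in the post.

```powershell
# Added example, not from the thread. Run once while disconnected to configure,
# then again after connecting to verify.
param(
    [string]$VpnName        = 'VPN_name',        # connection name as written in the post
    [string]$InternalPrefix = '192.168.1.0/24'   # ASSUMED placeholder: network behind the FortiGate
)
$ErrorActionPreference = 'Stop'

# The connection may live in the per-user or the all-users phone book.
$scope = @{ AllUserConnection = $false }
$vpn = Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue
if (-not $vpn) {
    $scope.AllUserConnection = $true
    $vpn = Get-VpnConnection -Name $VpnName @scope
}

if ($vpn.ConnectionStatus -ne 'Connected') {
    # Same effect as unchecking "Use default gateway on remote network".
    Set-VpnConnection -Name $VpnName -SplitTunneling $true @scope

    # With no default route into the tunnel, the internal network needs its own route.
    if (@($vpn.Routes.DestinationPrefix) -notcontains $InternalPrefix) {
        Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $InternalPrefix @scope
    }
    Get-VpnConnection -Name $VpnName @scope | Format-List Name, SplitTunneling, Routes
    return
}

# Connected: a split tunnel must not own a default route (compare the
# "0.0.0.0 0.0.0.0 On-link 10.100.20.2" line in post #2, which is a full tunnel).
$default  = Get-NetRoute -InterfaceAlias $VpnName -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue
$internal = Get-NetRoute -InterfaceAlias $VpnName -DestinationPrefix $InternalPrefix -ErrorAction SilentlyContinue
if ($default)       { Write-Warning "Default route still points into '$VpnName' (full tunnel)." }
if (-not $internal) { Write-Warning "No route for $InternalPrefix via '$VpnName'." }
if (-not $default -and $internal) { Write-Output "Split tunnel active: only $InternalPrefix uses '$VpnName'." }
```

Once split tunneling is on, the client's Internet traffic leaves through its local gateway and is no longer subject to the FortiGate's policies or inspection, so the endpoint's own controls have to cover it.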
    OneOfUs
    Re: L2TP on FortiGate 5.6 with Split Tunneling 2019/08/14 14:26:03
    https://kb.fortinet.com/kb/viewContent.do?externalId=FD36253
     
    # Internal_Network: local protected network that the remote dial-up IPsec clients reach
    config vpn ipsec phase1-interface
        edit "Dialup_IPsec"
            set ipv4-split-include "Internal_Network"
        next
    end
     
    If you haven't come across the above article, it may contain your solution.
    #4