SSL-VPN split tunnel incl routed WAN address

Hasselmusen
2019/12/12 04:36:49 (permalink)

I am using a FortiClient SSL-VPN split tunnel but want to route access to a certain web address through it as well.
How do I accomplish this?

For example, https://url.com can only be accessed coming from FortiGate's WAN IP, so when I travel I want to be able to use the SSL-VPN FortiClient to connect to it.

I tried to add the FQDN in VPN > SSL-VPN Portals > full-access > Routing Address but it's not working.
#1
Viknesh Muniyandi
Re: SSL-VPN split tunnel incl routed WAN address 2019/12/12 06:54:47 (permalink)
Hasselmusen
 
I guess, since you have already enabled split tunneling, you would now see an option "ROUTING ADDRESS", which is located straight below SPLIT TUNNEL.
You can now add an FQDN there, and the SSL users' traffic going to that particular URL will be redirected through the tunnel!

Thanks, and if I'm wrong, please correct me!
 
#2
Hasselmusen
Re: SSL-VPN split tunnel incl routed WAN address 2019/12/12 07:27:54 (permalink)
Yes exactly, I tried to add the IP for the web address in "ROUTING ADDRESS" but it did not work. 
#3
Toshi Esumi
Re: SSL-VPN split tunnel incl routed WAN address 2019/12/12 09:55:31 (permalink)
Were you able to configure the FQDN address for split tunnel? When I tried creating an FQDN address object and then appending it to the existing addresses with "append split-tunneling-routing-address ?" in the portal config, it didn't show up in the candidate list. Mine is v6.0.7 now. I'm afraid FQDN might not be supported.
#4
Hasselmusen
Re: SSL-VPN split tunnel incl routed WAN address 2019/12/13 00:32:17 (permalink)
No, I was not able to add an FQDN to the routing addresses, and I am also on 6.0.7.
#5
Toshi Esumi
Re: SSL-VPN split tunnel incl routed WAN address 2019/12/13 08:28:01 (permalink)
You mentioned that even when you added the IP it didn't work. The first thing to check is "route print" or "netstat -nr" on your client machine. If not, the SSL VPN config has a problem. If it's there, likely the policy is not allowing it.
#6
Hasselmusen
Re: SSL-VPN split tunnel incl routed WAN address 2020/01/03 02:55:49 (permalink)
This was resolved by creating the firewall policy properly, which also needs NAT enabled. It works fine now.
#7
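The pieces discussed in this thread, put together as a FortiOS CLI sketch: a split-tunnel routing address for the site's IP plus a firewall policy from the SSL-VPN interface to the WAN with NAT enabled, so the site sees the FortiGate's WAN IP as the source. This is an added example, not configuration posted by any participant. The address 203.0.113.10, the object name "restricted-site", the interface "wan1" and the group "sslvpn-users" are placeholders to replace with your own values; "ssl.root" and "SSLVPN_TUNNEL_ADDR1" are the FortiOS default names in the root VDOM.

```fortios
# Address object for the site (placeholder IP; an IP object is used here
# because the thread reports FQDN objects were not offered on 6.0.7)
config firewall address
    edit "restricted-site"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# Push a route for that address to the client through the split tunnel
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling enable
        append split-tunneling-routing-address "restricted-site"
    next
end

# Allow SSL-VPN users out to the site and source-NAT them to the WAN IP
# (placeholder interface and group names; limited to HTTPS to this one host)
config firewall policy
    edit 0
        set name "sslvpn-to-restricted-site"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "restricted-site"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
    next
end
```

After reconnecting the client, "route print" or "netstat -nr" should list a host route for the site's IP via the SSL-VPN adapter, which is the check suggested in post #6.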