SSL-VPN split tunnel incl routed WAN address

Hasselmusen · ‎12-12-2019

I am using a Forticlient SSL-VPN split tunnel but want to route access to a certain web address through it as well.

How do I accomplish this?

For example https://url.com can only be accessed coming from Fortigate's WAN IP, so when I travel I want to be able to use the SSL-VPN Forticlient to connect to it.

I tried to add the FQDN in VPN > SSL-VPN Portals > full-access > Routing Address but its not working.

Viknesh_Muniyandi · ‎12-12-2019

Hasselmusen,

I guess, since you have already enabled the Split tunneling, you would now see an option "ROUTING ADDRESS" which is located straight below the SPLIT TUNNEL.

You can now add a FQDN there and those(SSL users) traffic goes to that particular URL will be redirected to go through the tunnel!

Thanks and If I'm wrong, please correct me!

Hasselmusen · ‎12-12-2019

Yes exactly, I tried to add the IP for the web address in "ROUTING ADDRESS" but it did not work.

Toshi_Esumi · ‎12-12-2019

Were you able to configure the FQDN address for split tunnel? When I tried, creating an FQDN address object then tried to append it to existing addresses with "append split-tunneling-routing-address ?" at the portal config, it doesn't show up in the candidate list. Mine is v6.0.7 now. I'm afraid FQDN might not be supported.

Hasselmusen · ‎12-13-2019

I was not able to add FQDN to routing addresses no and I am also on 6.0.7.

Toshi_Esumi · ‎12-13-2019

You mentioned even when you added IP it didn't work. First thing to check is "route print" or "netstat -nr" at your client machine. If not, the ssl vpn config has a problem. If it's there, likely the policy is not allowing.

Hasselmusen · ‎01-03-2020

This was resolved by creating the firewall policy properly, which also needs NAT enabled. It works fine now.