SSL VPN Split Tunnel - Route specific IP/FQDN out locally
I can't seem to find any questions quite like mine, and I apologize if I have missed them.
FortiGate 300D - 6.0.4
We are setting up an SSL VPN with Split Tunneling. I can route our internal networks and some public IP addresses through the tunnel. That much is easy.
What I am trying to find out is whether I can switch this around. I would specify 0.0.0.0/0 to go through the tunnel, but then specify IPs or FQDNs to go out through the endpoint's local ISP, specifically Microsoft Office 365 traffic.
The reason I am thinking this way is that we currently have no control of internet access at the endpoint, like WebFilter/AppControl using FortiClient. That is something I hope to get soon, but I am having to wait. I don't like the idea of internet access outside of the corp net that I cannot control, and this is why we don't use Split-Tunneling.
Feel free to change my mind here, I might be barking up the wrong tree. If I had EMS I wouldn't be doing this.