Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SebastiaanR
New Contributor

Internet (Especially O365) traffic not traverse SSL VPN

Hi community,

Can someone please point me in the direction of a KB article explaining how to limit traffic that goes over the SSL VPN? I want users to access systems, but all internet, especially o365 traffic needs to break out locally from the users' computers/internet.

From what I can tell, split tunneling is what I need to look at, but that's about as far as my experience goes.

Any help much appreciated.

Thanks

lobstercreed
Valued Contributor

Yes, split tunneling is a very common configuration. You can simply enable it in the SSL VPN Settings.

The only traffic that will go across the VPN then is the traffic you either define under the Split Tunnel config (extra options will appear in the GUI) or it will be determined by what policies the user has access to upon login. I do the latter personally.

SebastiaanR

Thanks for the response and guidance. I currently have it configured as follows:

I'll look at limiting the traffic as per your recommendation, thanks. For now I'd just like to get it working.

Running a trace route to an IP, both connected and disconnected, I get the same hops and routes, which leads me to believe the internet is not going over the VPN, which is good and seems to be working.

I do find that browsing the internet once connected is very slow. Is this a typical finding? It's as though DNS takes just a little bit longer to resolve. The moment I disconnect the VPN, browsing speed is back to normal.

Thanks

ikmarwright
New Contributor III

Have you gone through the cookbook already? https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/941552/editing-the-ssl-vpn-portal (if you have 6.0.?)

You can use Routing Address; these are the addresses you want going through the SSL-VPN connection.

Dave
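The split-tunnel portal setup discussed in the replies above, written out as FortiOS CLI. This is an added example, not configuration from any poster or from Fortinet's documentation; the address object name `Internal_Systems`, the subnet `10.10.0.0/16` and the portal name `full-access` are assumptions to replace with your own.

```fortios
# Assumed address object covering the internal systems that VPN users
# must reach. Name and subnet are placeholders for illustration.
config firewall address
    edit "Internal_Systems"
        set subnet 10.10.0.0 255.255.0.0
    next
end

# Portal with split tunneling OFF: the client receives a default route,
# so all traffic, including internet and O365, crosses the SSL VPN.
#
#   config vpn ssl web portal
#       edit "full-access"
#           set tunnel-mode enable
#           set split-tunneling disable
#       next
#   end

# Portal with split tunneling ON: only destinations listed in the
# routing address are routed into the tunnel; everything else breaks
# out through the user's local internet connection.
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "Internal_Systems"
    next
end

# If split-tunneling-routing-address is left unset, the routes pushed
# to the client follow the destinations of the firewall policies that
# match the user, which is the approach described in the first reply.
```

Keep the routing address as narrow as the systems users actually need, since every subnet listed there is reachable from the remote endpoint through the tunnel.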

 

 
