FortiGate
carabhavi
Staff
Article Id 192266

Description

This article describes how to enable or disable split tunneling for an IPsec dial-up VPN.

 

Scope

FortiGate.

Solution

Enable this feature while configuring the VPN tunnel via the wizard.

If this option is enabled, only traffic destined for the internal networks is routed through the VPN tunnel. If the option was skipped in the wizard, or needs to be enabled or disabled after the tunnel has been configured, follow these steps:

Go to VPN -> IPsec Tunnels, edit the respective tunnel and, under 'Network', select the 'Enable IPv4 Split Tunnel' checkbox and specify the internal subnet under 'Accessible Networks'.
Note: the 'all' address object cannot be used under 'Accessible Networks' for the split tunnel configuration, as split tunnel will not work with it.
 
Important:

The address object used under 'Accessible Networks' must be of type subnet. An IP range object is not supported: the split tunnel setting is ignored and the client is given a default route through the tunnel instead of the range.

 


When an IP range object is used, the IKE debug output contains the following error:

 

mode-cfg ignoring range 0:10.0.1.240-10.0.1.254:0, only ip/subnet supported
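The GUI steps and the IP range caveat above, expressed in FortiOS CLI as an added example (this is not part of the original article): a subnet-type address object referenced as the split-tunnel include, the kind of iprange object that produces the debug line quoted above, and the diagnose commands used to capture that output. The object names, the tunnel name and the 10.0.1.0/24 subnet are constructed for illustration; the 10.0.1.240-10.0.1.254 range is the one shown in the article's debug line.

```fortios
# Added example, not from the original article. Object names, the tunnel name
# and the 10.0.1.0/24 subnet are constructed; the CLI keywords are FortiOS.

# 1. Address object of type subnet: the type 'Accessible Networks' must reference.
config firewall address
    edit "LAN_SUBNET"
        set subnet 10.0.1.0 255.255.255.0
    next
end

# 2. Dial-up phase1 with split tunnel. 'Enable IPv4 Split Tunnel' in the GUI
#    corresponds to ipv4-split-include under mode-cfg. Only the split-tunnel
#    related settings are shown here; the wizard sets the remaining phase1 options.
config vpn ipsec phase1-interface
    edit "DIALUP_VPN"
        set mode-cfg enable
        set ipv4-split-include "LAN_SUBNET"
    next
end

# 3. Misconfiguration to avoid: an iprange object. If this object is referenced by
#    ipv4-split-include, mode-cfg ignores it and pushes a default route instead, so
#    the client ends up with a full tunnel rather than split tunnel.
config firewall address
    edit "LAN_RANGE"
        set type iprange
        set start-ip 10.0.1.240
        set end-ip 10.0.1.254
    next
end

# 4. Verify: capture IKE debug while a client connects and look for
#    "mode-cfg ignoring range ... only ip/subnet supported". Turn the debug
#    off again afterwards.
diagnose debug reset
diagnose debug application ike -1
diagnose debug enable
# ... have the dial-up client connect and inspect the output ...
diagnose debug disable
diagnose debug reset

# 5. Confirm which object the tunnel actually references.
show vpn ipsec phase1-interface DIALUP_VPN
```

With the subnet object, the connecting client receives a route only for 10.0.1.0/24 through the tunnel; with the range object the debug line quoted above appears and the client is handed a default route instead, so all of its traffic, not just internal traffic, traverses the FortiGate. Checking the debug output once after changing the tunnel is a quick way to confirm that the split tunnel setting actually took effect.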