Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jera
Staff
Staff

Created on ‎04-01-2024 03:38 AM Edited on ‎04-01-2024 03:39 AM By Community Manager

Article Id 307466

Troubleshooting Tip: Full tunnel and Split Tunnel endpoint route comparison

 

Description This article describes how the route should appear on a Windows PC when using a Full tunnel or Split tunnel SSL VPN connection.
Scope Windows PC, FortiClient v7.2.4
Solution

SSL VPN Full Tunnel:

  • When remote users are connected to the tunnel, both corporate network and internet network traffic will be forwarded through the tunnel.  
  • A default route pointing to the tunnel interface will be installed on the Windows route table with a Metric of 1. 

 

The above route table is part of the output of 'route print' from the CMD lineThe above route table is part of the output of 'route print' from the CMD line

 

 

SSL VPN Split Tunnel:

  • When remote users are connected to the tunnel, only the corporate network will be forwarded through the tunnel.
  • Traffic intended for internet or external sites will be routed to the remote user's personal/home network.
  • A specific route going to the internal subnets will be installed on the Windows route table with a Metric of 1.

 

In the example above, the internal networks are 10.170.0.0/20 and 10.191.0.0/20In the example above, the internal networks are 10.170.0.0/20 and 10.191.0.0/20

 

144
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.