About Split Tunneling; Configuring Vpn Connections Using Fortimanager - Fortinet Version 4.0 MR1 Administration Manual

Forticlient endpoint security

Configuring VPN connections using FortiManager

About split tunneling

Split tunneling allows the remote access VPN client to connect to the corporate network
via the VPN link, and connect to the Internet via the interface the VPN connection was
established over (not the VPN channel itself).
For example, suppose you have a remote access VPN client connecting to the corporate
network over a wireless network. The user with split tunneling enabled is able to connect
to file servers, database servers, mail servers and other servers on the corporate network
through the VPN connection. In contrast, when the user connects to Internet resources
(web sites, FTP sites, etc.), the connection request doesn't go through the VPN link; it goes
through the wireless connection and out the gateway provided by the hotel network.
When using FortiClient:
If split tunneling is enabled, then when the user connects to the FortiGate unit, it will tell
the VPN client that split tunneling is allowed and will send back the lists of routes. The
routes are then installed on the user's computer at the top of its routing table.
If split tunneling is disabled, the FortiGate unit will tell the VPN client to direct all traffic
through the FortiGate. This will have the same effect as installing a default route on the
client to send all traffic over the VPN. Note that the local network routes take
priority over the default route so the remote user can still send traffic on the
local network outside the tunnel.
For example, a FortiGate unit is allowing users to access two networks via SSL VPN:
10.0.0.0/24
11.0.0.0/24
The client has two interfaces: Wireless1 and VPN1 where VPN1 is the SSL VPN tunnel.
Table 3: Original Routing Table

Destination      Gateway
1.1.1.0/24       Wireless1
0.0.0.0/0        Wireless1 (default)

Table 4: Routing table when split tunneling is disabled

Destination      Gateway
0.0.0.0/0        VPN1 (default)
1.1.1.0/24       Wireless1

Table 5: Routing table when split tunneling is enabled

Destination      Gateway
10.0.0.0/24      VPN1
11.0.0.0/24      VPN1
1.1.1.0/24       Wireless1
0.0.0.0/0        Wireless1 (default)

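The following Python sketch is an added example, not part of the Fortinet manual. It applies longest-prefix matching to the three routing tables above to show which interface each destination uses, and which destinations stay outside the tunnel in each mode. The function names and sample destinations are constructed for illustration, and the default route is assumed to be 0.0.0.0/0 in every table.

```python
import ipaddress

# Routing tables from Tables 3-5 (default route assumed to be 0.0.0.0/0).
ORIGINAL = [("1.1.1.0/24", "Wireless1"), ("0.0.0.0/0", "Wireless1")]
SPLIT_DISABLED = [("0.0.0.0/0", "VPN1"), ("1.1.1.0/24", "Wireless1")]
SPLIT_ENABLED = [
    ("10.0.0.0/24", "VPN1"),
    ("11.0.0.0/24", "VPN1"),
    ("1.1.1.0/24", "Wireless1"),
    ("0.0.0.0/0", "Wireless1"),
]

def egress(table, dest):
    """Return the interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def outside_tunnel(table, dests, tunnel="VPN1"):
    """List the destinations whose traffic would not enter the tunnel."""
    return [d for d in dests if egress(table, d) != tunnel]

# Constructed sample destinations: two corporate hosts, a host on the
# local wireless subnet, and an Internet address (documentation range).
SAMPLES = ["10.0.0.5", "11.0.0.9", "1.1.1.20", "203.0.113.7"]

if __name__ == "__main__":
    tables = [("original", ORIGINAL),
              ("split disabled", SPLIT_DISABLED),
              ("split enabled", SPLIT_ENABLED)]
    for name, table in tables:
        for d in SAMPLES:
            print(f"{name:15} {d:14} -> {egress(table, d)}")
        print(f"{name:15} outside tunnel: {outside_tunnel(table, SAMPLES)}")
```

With split tunneling disabled, only the local wireless subnet stays outside the tunnel; with it enabled, Internet-bound traffic also leaves through Wireless1 and bypasses any inspection done at the FortiGate unit.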
You can create an automatic VPN connection, or the FortiClient Manager can
automatically download a VPN setting from the FortiGate unit to which your FortiClient
computer connects.
For more information, see the FortiManager System Administration Guide.
FortiClient Endpoint Security Version 4.0 MR1 Administration Guide
Creating FortiClient VPNs
04-40001-99556-20090626
http://docs.fortinet.com/