Route Website via SSL-VPN Split Tunnel on FortiGate


We have a customer who has a few back office staff in the Philippines, and we need to get them around a geo-block on a particular website they need as part of their role. The customer has a split-tunnel SSL-VPN in the AWS Sydney Region, so we can route that site's traffic via the SSL-VPN tunnel. It then traverses Australia instead of their home ISP in the Philippines, bypassing the geo-block.

First things first: we’ve contacted the site owner and they’re either refusing or unwilling to whitelist anything for us. So under Policy and Objects, we will create an Address Object that will hold the IP of the web host. Once that is created, find the Firewall Policy that allows the VPN traffic into the firewall (the From or Source is usually ssl.root, the SSL VPN interface) and add the address to the Destination as allowed. It should look something like the below.

The final piece of the puzzle is to add the route into the SSL-VPN. Under VPN > SSL-VPN Portals, find your SSL VPN Portal, click Edit, and add the object to the Routing Address Override, so that once a client connects, a route is added to use the VPN for that IP address.

In the picture, you’ll see a CMS Portal entry which has the IP we entered earlier in the Address Object. Hit OK to save, and ask any connected users to reconnect to their VPN so the new route propagates correctly.
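The same three GUI steps expressed as FortiOS CLI, as an added example that is not from the original post. The object name `CMS-Portal`, the address `203.0.113.10` (a documentation-range placeholder), policy ID `12` and portal name `full-access` are assumptions; the option names are those used in recent FortiOS 6.x/7.x releases, so check them against your version.

```fortios
# 1. Address object holding the web host's IP.
#    203.0.113.10 is a placeholder; use the site's real address.
config firewall address
    edit "CMS-Portal"
        set type ipmask
        set subnet 203.0.113.10 255.255.255.255
        set comment "Web host routed via SSL-VPN split tunnel"
    next
end

# 2. Add the object to the destination of the policy whose source
#    interface is ssl.root. Policy ID 12 is a placeholder.
#    "append" adds to the existing list; "set" would replace the
#    destinations already allowed on that policy.
config firewall policy
    edit 12
        append dstaddr "CMS-Portal"
    next
end

# 3. Routing Address Override on the SSL-VPN portal: clients receive a
#    route for this object when they connect. "full-access" is a
#    placeholder portal name.
config vpn ssl web portal
    edit "full-access"
        set split-tunneling enable
        append split-tunneling-routing-address "CMS-Portal"
    next
end

# Review the result before asking users to reconnect.
show firewall address "CMS-Portal"
show vpn ssl web portal "full-access"
```

Using `append` rather than `set` in steps 2 and 3 keeps the destinations and split-tunnel routes that are already configured, so existing VPN users do not lose access to other resources.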

