We switched from Palo Alto's Global Protect platform when we migrated from PA to Fortinet and we were lead to believe that there was a like for like mechanism to force the users to choose a proper tunnel but it hasn't worked out accordingly for us. Currently Mike Smith has to have the neurons to understand that the "Americas" VPN tunnel is the one he should choose and not the "European Area" or the "Asian Pacific" area. For example, you would have to know that Mike Smith is in the AMER region and there are currently no mechanisms to understand that besides actually talking to the dude or seeing the connection on the Fortigate itself. That's certainly an option however, that would mean intrinsically you would have to know where the users are and this organization is absolutely terrible at understanding that.
Have you tried addressing this by two (or more) separate SSL-VPN tunnel configs and setting the default appropriately for each region's users? (AFAIK the option "current connection" should set the default tunnel) Sharing dumps violates a reddit global rule and may result in a site-wide ban. Specifically, IPSec Tunnels can be triggered via firewall rules based policies or interface mode. Fortinet Fortigate UTM appliances provide IPSec (as well as SSL VPN) out of the box. Posting brain or answer dumps for Fortinet certifications is prohibited as they are copyrighted material. Virtual Private Networking (VPN) is a cost effective and secure method for site to site connectivity without the use of client software. What you have already tried as part of your troubleshooting process.
#FORTINET SUPPORT SITE TUNNEL CLIENT SOFTWARE#
AI-enabled analysis and detection for faces, objects, facemasks, and occupancy, as well as privacy protection.
FortiRecorder mobile app makes it easy to access videos and get alerts of events within your fingertips. Fortinet is a global leader and innovator in Network Security. FortiCentral for desktop is a powerful yet easy-to-use video management system for Windows.