With split tunneling disabled, and policy blocking access to the internet through the firewall, one may think all is well, since the split tunneling block and the policy block would keep malware or similar things on the end user’s computer from talking to the computer over the internet at the same time the VPN is connected. So here we go. Most firewall admins, and their superiors, set things up as described above in order to keep a remote VPN user’s computer from allowing unauthorized access to the protected network. The FortiGate policy is intentionally configured to NOT permit VPN users to talk to the internet.
![fortinet vpn configuration](https://www.sancuro.com/media/catalog/product/cache/c687aa7517cf01e65c009f6943c2b1e9/f/w/fww23-167_5.png)
The FortiGate VPN profile is intentionally configured to NOT permit split tunneling. The end user has FortiClient VPN access to the FortiGate firewall for IPv4 service and access to the protected network/data. Their clients for other platforms are dated compared to Windows, so there is no reason to assume those behave differently.
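One way to confirm that a FortiGate config backup actually carries the two controls described above (split tunneling disabled on the tunnel-mode portal, and no accept policy from the VPN interface toward the internet). This is an added example, not code from the original page or from Fortinet. The sample config is constructed, the interface names `ssl.root`, `wan1` and `wan2` are assumptions to adjust for the real device, and a portal with no explicit `set split-tunneling disable` line is treated as a finding.

```python
# Added example, not from the page. SAMPLE is constructed; ssl.root and wan1 are assumed names.
SAMPLE = """\
config vpn ssl web portal
    edit "remote-staff"
        set tunnel-mode enable
        set split-tunneling disable
    next
    edit "contractors"
        set tunnel-mode enable
    next
end
config firewall policy
    edit 11
        set srcintf "ssl.root"
        set dstintf "wan1"
        set action accept
    next
end
"""

def parse_tables(text):  # top-level config/edit/set -> {table: {entry: {key: [values]}}}
    tables, table, entry, depth = {}, None, None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                table = tables.setdefault(line[7:], {})
                entry = None
        elif line == "end":
            depth -= 1
        elif depth != 1:
            continue  # outside any table, or inside a sub-table nested in an entry
        elif line.startswith("edit "):
            entry = table.setdefault(line[5:].strip('"'), {})
        elif line.startswith("set ") and entry is not None:
            key, _, value = line[4:].partition(" ")
            entry[key] = value.replace('"', "").split()
    return tables

def audit(text, vpn_intf="ssl.root", wan_intfs=("wan1", "wan2", "any")):
    tables, findings = parse_tables(text), []
    for name, p in tables.get("vpn ssl web portal", {}).items():
        if p.get("tunnel-mode") == ["enable"] and p.get("split-tunneling") != ["disable"]:
            findings.append(f"portal {name}: split tunneling not explicitly disabled")
    for pid, p in tables.get("firewall policy", {}).items():
        to_wan = set(p.get("dstintf", [])) & set(wan_intfs)
        if vpn_intf in p.get("srcintf", []) and p.get("action") == ["accept"] and to_wan:
            findings.append(f"policy {pid}: VPN users accepted toward an internet-facing interface")
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the `contractors` portal and one for policy 11; a config that matches the setup described above returns an empty list.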