This article describes how to check the routes that FortiGate injects into Windows clients through the FortiClient app.
Scope
FortiClient 7.x.x.
Solution
To check the injected routes in the Windows device, ensure that the FortiClient VPN is connected and then type ‘route print’ in the Windows command prompt (cmd).
Output:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.168.1.1      172.168.1.2     25
         10.0.0.0        255.0.0.0    192.168.25.30    192.168.25.29      1
         10.9.0.0      255.255.0.0    192.168.25.30    192.168.25.29      1
         10.2.0.0      255.255.0.0    192.168.25.30    192.168.25.29      1
        10.43.0.0      255.255.0.0    192.168.25.30    192.168.25.29      1
        127.0.0.0        255.0.0.0          On-link        127.0.0.1    331
When a client is set up with a split tunnel configuration, the default route goes through the physical NIC's gateway, while the specific routes are directed through the VPN-assigned IP.
In the above scenario:
- 172.168.1.2: Windows NIC IP.
- 192.168.25.29: IP assigned by FortiClient app / VPN IP.
Note: If any routing subnet/address is added or removed in the VPN configuration on the FortiGate, reconnecting the FortiClient VPN is required to update the Windows routing table and make the changes effective.
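The check described above can be automated. The following is an added example, not Fortinet code: it parses the 'route print' output shown in this article, lists the routes bound to the VPN IP, and compares them with the subnets expected from the FortiGate configuration. The function names and the expected subnet list (including 10.50.0.0/16) are assumptions made for illustration.

```python
import ipaddress

# Constructed input: the 'route print' IPv4 output shown in this article.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.168.1.1      172.168.1.2     25
         10.0.0.0        255.0.0.0    192.168.25.30    192.168.25.29      1
         10.9.0.0      255.255.0.0    192.168.25.30    192.168.25.29      1
         10.2.0.0      255.255.0.0    192.168.25.30    192.168.25.29      1
        10.43.0.0      255.255.0.0    192.168.25.30    192.168.25.29      1
        127.0.0.0        255.0.0.0          On-link        127.0.0.1    331
"""

def parse_routes(text):
    """Return the IPv4 active routes as dicts; non-route lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:  # headers, separators, IPv6 and persistent-route rows
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            ipaddress.IPv4Address(iface)
            routes.append({"net": net, "gateway": gateway,
                           "iface": iface, "metric": int(metric)})
        except ValueError:  # a five-token line that is not an IPv4 route
            continue
    return routes

def audit(routes, vpn_ip, expected):
    """Compare routes bound to the VPN IP with the subnets expected from FortiGate."""
    injected = {r["net"] for r in routes if r["iface"] == vpn_ip}
    wanted = {ipaddress.ip_network(n) for n in expected}
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    best = min(defaults, key=lambda r: r["metric"], default=None)
    return {
        "injected": sorted(str(n) for n in injected),
        "missing": sorted(str(n) for n in wanted - injected),
        "unexpected": sorted(str(n) for n in injected - wanted),
        # Split tunnel: VPN routes exist, but the best default route is not on the VPN IP.
        "split_tunnel": bool(injected) and (best is None or best["iface"] != vpn_ip),
    }

if __name__ == "__main__":
    # Hypothetical expected list: 10.50.0.0/16 was added on the FortiGate after connecting.
    expected = ["10.0.0.0/8", "10.9.0.0/16", "10.2.0.0/16", "10.43.0.0/16", "10.50.0.0/16"]
    print(audit(parse_routes(SAMPLE), "192.168.25.29", expected))
```

A non-empty "missing" list on a connected client means the Windows routing table is older than the VPN configuration, which is the case the note above resolves by reconnecting the FortiClient VPN.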