I've successfully configured remote VPN on my FortiGate for my FortiClient users. Then I got a new requirement: some FortiClient users want only the intranet to go through the VPN, and I think I should configure a split tunnel for them. But the others want all communications to go through the VPN. I can't find how to configure this case in the FortiGate configuration guide. Could anyone help me? Thanks.
To configure split tunneling you need to indicate which networks belong to your intranet. For that, you can create an object like the one I called ip-intranet.
config vpn ipsec phase1-interface
    edit "group1"
        set type dynamic
        set interface "vpninterface"
        set mode aggressive
        set peertype one
        set mode-cfg enable
        set ipv4-dns-server1 x.x.x.x
        set ipv4-dns-server2 x.x.x.y
        set proposal aes128-sha1 aes128-sha256
        set localid "group1"
        set localid-type keyid
        set dhgrp 5
        set wizard-type dialup-forticlient
        set xauthtype auto
        set authusrgrp "GroupRadius"
        set peerid "group1"
        set assign-ip-from usrgrp
        set ipv4-split-include "ip-intranet"
        set domain "internal.domain"
        set include-local-lan enable
        set save-password enable
        set client-keep-alive enable
        set psksecret pskpassword
        set keepalive 60
    next
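A sketch of how the two groups can sit side by side, added here as an example and not part of the original post: the address object that "ip-intranet" refers to, plus a second dialup phase 1 for the full-tunnel users that is selected by its own peer ID and has no split-include. The name "group2", the 10.0.0.0/8 subnet and the PSK placeholder are assumptions; phase 2 and firewall policies are omitted.

```fortios
# Address object referenced by "set ipv4-split-include" in group1.
# The subnet is a constructed sample; use the real intranet range.
config firewall address
    edit "ip-intranet"
        set subnet 10.0.0.0 255.0.0.0
    next
end

# Second dialup phase 1 on the same interface for full-tunnel users.
# In aggressive mode the FortiGate picks the phase 1 by the peer ID the
# client sends, so these users set "group2" as Local ID in FortiClient.
config vpn ipsec phase1-interface
    edit "group2"
        set type dynamic
        set interface "vpninterface"
        set mode aggressive
        set peertype one
        set peerid "group2"
        set mode-cfg enable
        set ipv4-dns-server1 x.x.x.x
        set ipv4-dns-server2 x.x.x.y
        set proposal aes128-sha1 aes128-sha256
        set dhgrp 5
        set xauthtype auto
        set authusrgrp "GroupRadius"
        set assign-ip-from usrgrp
        # No "set ipv4-split-include" here: with mode-cfg and no split
        # networks, the client sends all traffic through the tunnel.
        set psksecret <psk-for-group2>
        set keepalive 60
    next
end
```

Full-tunnel users also need a firewall policy from the group2 tunnel interface to the Internet-facing interface, otherwise their non-intranet traffic reaches the FortiGate and is dropped.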