Staff

Technical Tip: How to enable ipconfig /flushdns at SSL VPN connection when Split DNS is being used

Forum|Forum|9 months ago
August 18, 2025
0 replies
477 views

Description

This article demonstrates how to activate FlushDNS in the SSL VPN connection when Split DNS is being used.

Scope

FortiClient EMS 7.2.10 | FortiClient 7.2.10 and 7.2.11.

Solution

In certain scenarios, the SSL VPN split DNS feature may not work correctly, requiring the user to manually run the ipconfig /flushdns command to solve the problem.

To correct this issue, the <traffic_keep_strategy> tag must be set to 1 in the XML settings on the VPN.

Follow the steps below to make this change:

Access the EMS.
Navigate to 'Endpoint Profiles' -> 'Remote Access'.
Edit the VPN profile used in the environment.
In the upper right corner, select XML.
In the new screen, select Edit (next to the Save button).
Locate the <connections> tag.
Within this section, identify the <name> tag corresponding to the VPN to be modified.
Insert the <traffic_keep_strategy>1</traffic_keep_strategy> inside the <name> tag.

The resulting snippet will be similar to the example below:

[...]
<connections>

<uid>02027951-4130-47E9-BBA1-EB05BCDDE76</uid>

<machine>0</machine>
<traffic_keep_strategy>1</traffic_keep_strategy>

[...]

Once this change is made, flushdns will run from time to time to keep everything working properly.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded