Forticlient EMS Application Firewall Blocking DNS

Forum|Forum|1 month ago
April 30, 2026
1 reply
61 views

I’m using Forticlient 7.2.14 with EMS Cloud 7.4.5. All of a sudden some users are reporting that they cannon’t connect to anything (Web or corporate VPN). After investigation we found that the application firewall in our EMS profile is blocking DNS for some clients even though this same profile is working for others on the same hardware/forticlient versions. This happens off fabric and prevents even connection to EMS so users cannot then connect to the fabric (VPN). Our only path to fix was to disconnect from EMS (with password), disable the application firewall in the EMS profile and reconnect with an invitaion code. All works thereafter.

What might cause this given nothing has changed in our configuration other than EMS cloud auto-updating to 7.4.5 in early April?

AEK

SuperUser

Can you share the profile?

And how do you know it is blocking DNS?

Is it blocking DNS-over-TLS or legacy DNS UDP 53?

Can you try with nslookup to confirm?

AEK

shockoAuthor

Explorer III

Yes blocking standard DNS over UDP 53. it doe snot block at the wire but applications requesting DNS just get timeouts so assume it manipluates DNS higher up the stack.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded