chipcoit
New Member
July 26, 2022
Solved

FortiClient & Static DNS Entry

  • July 26, 2022
  • 6 replies
  • 44532 views

Hello FortiCommunity,

We currently are using FortiClient with an EMS server and noticed that when we connect to the VPN we receive our specified internal DNS on both our physical adapter (Wi-Fi/LAN) and our VPN adapter. Our specified internal DNS are our domain controllers that run DNS services.

The issue we are having with this is that sometimes the FortiClient software disconnects or something in Windows causes the application to crash. My assumption is when you hit the disconnect button on the FortiClient it removes routes and/or the static DNS entry. With that process not taking place, the end result is that the static DNS was not cleared, thus leaving the PC unable to connect to the internet.

Our users working from home do not get admin access to their network adapters as well. The combination leaves the end user unable to connect to the internet and our remote tool useless. Do you guys know why the static DNS is set? Can we set this to obtain automatically? I did try "same as client system DNS" but our firewall uses Fortinet's DNS for what I can only assume is DNS filtering along with other items.

Is there a way to stop these crashes or disconnects? Has anyone else had this issue?

 

Thanks,
Michael

6 replies

Anthony_E
Staff
July 28, 2022

Hello Michael,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Best regards,

Anthony_E
Staff
August 2, 2022

Hello Michael,

We are still looking for an answer to your question.

We will come back to you once we find it.

Best regards,

OwenW
Explorer II
August 2, 2022

I have a similar problem with AD -> DNS plus VPN. It seems that any wireless blip causes the DNS to overwrite back to local DNS, which ends in conflict. Please have a look at that and see if the issues interact.

chipcoit (Author, Answer)
New Member
August 8, 2022

We are on version 6.4.3 for most of our endpoints. After upgrading to version 7.0.6 via deployment on the EMS server, this seemed to fix the issue. Regardless of whether a user switches Wi-Fi networks or the network gets dropped, the static DNS entries get removed successfully now.

SubaruEurope
Visitor III
February 2, 2024

We are on 7.0.9 and the issue is still present.

OffroadingConvoy4
Explorer
December 14, 2023

We still have this problem on 7.0.7 and are now considering other solutions. We've had this problem since we first got this product.

matthew_wlf
New Member
March 6, 2024

We have the same problem with FortiClient 7.2.3, not on all clients but on a few. I think this problem could be related to Windows.

lkosc
New Member
September 30, 2024

Is Fortinet doing something about the matter? Is the free version involved to promote the paid version?

Can any Fortinet engineer say a word?

PierrePaulDuval
Visitor III
November 7, 2024

On our side, we are using FortiClient 7.0.11. We started to roll out Windows 11 23H2 last month and some customers experienced the same issue right after the upgrade. We created a script that runs locally to remove the DNS entries since the computer is not reachable via internet.  This issue never happened in Windows 10. Right now, I'm stuck between Microsoft saying it's not their issue and Fortinet saying they fixed this issue a long time ago.  
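
A local cleanup of the kind this post describes, as an added PowerShell example (not PierrePaulDuval's script and not Fortinet code): when the VPN adapter is down, it resets any physical adapter that still carries a static DNS list back to automatic. It assumes it runs elevated, for example from a scheduled task running as SYSTEM, that no physical adapter is meant to keep static DNS, and that the `*Fortinet*` adapter description pattern (an assumption, not taken from this thread) matches your VPN adapter.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: wildcard matching the VPN virtual adapter's description.
    # Confirm the real value on an endpoint with Get-NetAdapter -IncludeHidden.
    [string]$VpnAdapterPattern = '*Fortinet*'
)

# While the tunnel is up the VPN client owns the DNS settings, so do nothing.
$vpnUp = Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceDescription -like $VpnAdapterPattern -and $_.Status -eq 'Up' }
if ($vpnUp) {
    Write-Verbose 'VPN adapter is up; leaving DNS settings untouched.'
    return
}

$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

foreach ($nic in Get-NetAdapter -Physical) {
    # A non-empty NameServer value is a statically configured IPv4 DNS list;
    # servers learned from DHCP are stored in DhcpNameServer instead.
    $key    = Join-Path $ifRoot $nic.InterfaceGuid
    $static = (Get-ItemProperty -Path $key -Name NameServer -ErrorAction SilentlyContinue).NameServer
    if ([string]::IsNullOrWhiteSpace($static)) { continue }

    if ($PSCmdlet.ShouldProcess($nic.Name, "Reset static DNS '$static' to automatic")) {
        Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ResetServerAddresses
        # Emit a record so the run can be logged or collected by a management tool.
        [pscustomobject]@{
            Time       = Get-Date -Format o
            Adapter    = $nic.Name
            RemovedDns = $static
        }
    }
}

# Drop cached answers that came from the stale resolvers.
Clear-DnsClientCache
```

Running it with `-WhatIf` first lists the adapters it would reset without changing them.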

5Lights
New Member
September 23, 2025

We have the same issue since upgrading to Win11. Running 7.2.3 and 7.2.4.
Users don't have admin rights to reset the DNS servers to automatic.

antech
Visitor III
January 13, 2026

Unfortunate that this is still an ongoing issue years later. We are seeing this issue on v 7.4.3 (latest build) as well.

This is a major issue for Hybrid users who work from home on occasion. When disconnecting from the VPN, the Wi-Fi adapter remains set to a "static" DNS server (which gets set to the user's home router/DNS server after disconnecting from the VPN).

When the users come into the office, they cannot connect to the Wi-Fi because their DNS server is still locked to 'static', and they cannot change it because it requires elevation. The 'fix' is to have them connect wired (not all buildings have a wired connection) so that an IT admin can remote in and enter their admin credentials to reset the DNS to Automatic (DHCP).

After setting it back to Automatic, if the user works remotely again & connects to the VPN, it again gets set back to Manual. :(

Mx2
New Member
January 15, 2026

We got this issue after the 7.4.3 upgrade and found a potential workaround. When the issue occurs, restarting the "FortiSSLVPNdaemon.exe" process fixes it. However, users cannot restart the process as it runs with SYSTEM privileges, so you have to find a way around that.

But the same issue persists with FCT 7.4.4 and 7.4.5, and unfortunately the workaround does not seem to work with 7.4.5 anymore. It's a super annoying problem to deal with; the easiest solution is to reboot the machine.