HFIT
New Member
February 20, 2025
Question

FortiClient VPN Configuration - allowing access to blocked websites


Hi,

We initially thought this was a WebTitan issue. However, when a user is connected to FortiClient VPN, websites that are blocked on WebTitan policies are being allowed to filter through and get accessed. If the user disconnects from the VPN and tries accessing those sites again, they then get blocked by WebTitan.

Has anyone come across this issue before or can provide further details on why this may be happening? We think it may be a configuration issue with our FortiClient setup.

Our VPN is an IPsec VPN. We have tried several devices (Windows 10 PCs and Windows 11 OS laptops) and the same happens. This has happened for several different users on different WebTitan policies. I can provide further details if needed.

1 reply

AEK
SuperUser
February 20, 2025

Hi

Is WebTitan DNS based? If so then probably the VPN is injecting a new DNS server IP that has priority over WebTitan's DNS.

AEK
HFIT
Author
New Member
February 25, 2025

Hi - yes it is. FortiClient VPN's DNS is taking priority and we need to know how to lower the priority for FortiClient's VPN DNS.

AEK
SuperUser
February 25, 2025

Hi

You should be able to fix it by enabling split DNS on FortiGate IPsec config.

https://docs.fortinet.com/document/forticlient/7.2.0/new-features/634537/split-dns-support-for-ipsec-vpn-7-2-3

Hope it helps

AEK
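
The following is an added diagnostic example, not part of the thread and not taken from Fortinet or WebTitan documentation. It lists which DNS servers each connected Windows adapter is using, ordered by interface metric, and flags any that are not the filtering resolvers, then queries each server directly for a name the policy should block. The resolver addresses and the test hostname are constructed placeholders and must be replaced with your own values.

```powershell
# Added example: check which DNS resolvers a Windows client uses while the VPN is up.
# Assumptions: $FilterResolvers and $TestName are constructed placeholders
# (documentation address range / reserved name); replace them with real values.
$FilterResolvers = @('192.0.2.53', '192.0.2.54')   # placeholder: your WebTitan DNS IPs
$TestName        = 'blocked.example'               # placeholder: a name your policy blocks

# Connected IPv4 interfaces, lowest metric first. Windows generally prefers the
# DNS servers of the lowest-metric interface, so a tunnel adapter at the top of
# this list with its own resolvers will answer before the filtering resolvers.
$report = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $if  = $_
        $dns = @((Get-DnsClientServerAddress -InterfaceIndex $if.ifIndex `
                    -AddressFamily IPv4).ServerAddresses | Where-Object { $_ })
        [pscustomobject]@{
            Interface  = $if.InterfaceAlias
            Metric     = $if.InterfaceMetric
            DnsServers = $dns
            # Resolvers on this adapter that are not the filtering service
            Unfiltered = @($dns | Where-Object { $_ -notin $FilterResolvers })
        }
    }

$report | Format-Table Interface, Metric, DnsServers, Unfiltered -AutoSize

# Query every configured resolver directly for the test name. A filtering
# resolver should return its block response; any other server returning the
# site's real address is a path around the policy.
$servers = @($report.DnsServers) + $FilterResolvers | Select-Object -Unique
foreach ($s in $servers) {
    try {
        $answer = Resolve-DnsName -Name $TestName -Type A -Server $s -DnsOnly -ErrorAction Stop
        $ips = ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
        '{0,-16} -> {1}' -f $s, $ips
    } catch {
        '{0,-16} -> no answer ({1})' -f $s, $_.Exception.Message
    }
}
```

Run it once with the VPN disconnected and once connected, then compare the two outputs. After enabling split DNS, the same comparison shows whether the tunnel's resolvers still appear ahead of the filtering resolvers.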