Skip to main content
sits01
sits01
New Member
June 2, 2025
Question

FortiClient VPN: Intermittent DNS & Ping Failures Despite Policy & Traffic Looking Fine

  • June 2, 2025
  • 2 replies
  • 2837 views

I'm facing an intermittent issue with FortiClient SSL-VPN where connection doesn't work properly, even though everything appears correctly configured. I’ve tested several FortiClient versions, but the issue persists randomly.


Issue Summary:
FortiClient connects successfully.

VPN routes are installed correctly.

Traffic (DNS + ICMP) is visible on the FortiGate.

Wireshark on the client confirms replies (ICMP + DNS) are reaching the VPN adapter.

Despite this, ping and nslookup hang or fail. And every other traffic...

This issue happens roughly 1 out of every 10 VPN connections — seemingly at random.


Tested FortiClient Versions:
7.4.3

7.0.9

7.0.6

Issue appears intermittently across all versions.


What I've Checked:
FortiGate policies are identical for all users.

Split tunneling behavior is consistent.

DNS server (10.0.0.11) replies are seen in Wireshark but not accepted by the OS.

Disabling Windows Firewall and antivirus doesn't consistently solve the issue.

MTU tests with ping -f -l show no consistent fragmentation problems.


Has anyone seen this?
Any known FortiClient or Windows behavior that could cause this?


Thanks in advance!

2 replies

Anthony_E
Staff
Anthony_E
Staff
June 5, 2025

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
Anthony_E
Staff
Anthony_E
Staff
June 5, 2025
 

 

 
Hi,
 

To address intermittent DNS and ping failures with FortiClient VPN, follow these steps:

  1. Check DNS Configuration: Ensure that the VPN is configured to provide a DNS server that can resolve your local domain. The Fortinet system DNS may not be able to resolve local domains.
  2. Client-Side DNS Settings: Verify the DNS settings on the client side. The VPN connection will use the DNS configured on the client, either through DHCP or a static entry in the VPN interface setup.
  3. Network Policies: Double-check the firewall policies to ensure that DNS and ICMP (ping) traffic is allowed through the VPN.
  4. Network Stability: Investigate any potential network stability issues that could cause intermittent connectivity problems.
  5. Logs and Diagnostics: Review logs and run diagnostics on both the client and the FortiGate to identify any errors or anomalies.
  6. Update Software: Ensure that both FortiClient and FortiGate firmware are up to date to benefit from the latest fixes and improvements.
Best Regards
Terms & ConditionsAccessibility statement