Lost internet connection when using forticlient

Hello Max,

I suspect that this is happening because all the traffic is send to your internal network.

In this case split tunnel is a solution.

You can configure split tunnel by following the below doc:

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/307303/ssl-vpn-split-tunnel-for-remote-user

An other solution in case you wan to sent this traffic to the firewall is to configure a firewall policy to allow traffic from the ssl vpn to your internet facing interface.

this usually happens when yo don't use split tunneling on your VPN. Without split tunneling all Traffic will be routed through the vpn because establishing the vpn in this case overwrites your default route.  

This means that ALL traffic that does not match any outher route on your client will use the new default route and hit the opposite end of your vpn. If then there is no policy that allows vpn clients to reach the internet you will no longer have internet connectivity on your pc.

So either create such a policy or enable split tunneling. 

Thank you both for replying.

For what I understood, I should have access to Fortigate configuration. Is this correct?

I can't do it as the VPN is managed by the company I'm working for.

Is there any setting I can do on my own pc to solve this issue?

hm if your company admins will not configure split tunneling or an internet policy you can only temporarily work around that by resetting your routing manually. This has to be done everytme once vpn is established. 

You would then have to delete the default route and set a new one (which gateway cab be looked up in routing table when the vpn is not established). Then additionally set a route to your company subnet over the vpn.

Deleting the default route (and setting a new one) in windows 10 might however require administrator privileges though.

Open a cmd window with administrator privilleges. You need them to add/delete routes later on.

before you connect the vpn execute a "route print" in there and look for the Traget "0.0.0.0" - this is your default route. Note down the ip in the column "gateway" there.

Connect the vpn and then execute "route print" in the cmd again. You should notice that the gateway (and interface) for the default route has changed. Als note down that gateway ip.

Then do a "route delete 0.0.0.0" (I think "route delete default" might do aswell but not sure).

Then do a "route add 0.0.0.0 MASK 0.0.0.0 <gateway ip you noted down before connecting vpn>"

At this point you should regain internet connectivity again.

To still be able to reach to your compan servers you might have to analoguely add a static route to the company subnet with corret subnetmask and the gateway you noted after connecting the vpn.

You don't need to enter interface or metric here.