Skip to main content
jeff_sailers
jeff_sailers
New Member
March 10, 2022
Question

VPN-Only Free FortiClient Issues with OpenDNS

  • March 10, 2022
  • 2 replies
  • 4644 views

We are having issues with the free VPN-Only FortiClient on computers that are also running the OpenDNS Umbrella client.  The issue is intermittent and happens only with some users, sometimes.  The issue that seems to occur is that computers aren't getting DNS servers assigned to the FortiClient interface sometimes.  Other times, we do see the DNS server, but we can't resolve DNS names.  In some cases, we've been able to disabled the umbrella client and name resolution starts to work, but not every time.

 

Anyone seem something like this before?

2 replies

vtsonev
Staff
vtsonev
Staff
March 10, 2022

Hello Jeff,

 

Fortinet doesn't recommend to install FortiClient paralell with other VPN software solutions on the same workstations. In such cases there might be different kind of problems. 

I would say that the behavior you observed is expected.

 

Best regards,

Vasil

jeff_sailers
jeff_sailersAuthor
New Member
March 10, 2022

Thanks for the input, but to clarify, OpenDNS isn't VPN software.  It is a web content filtering product that blocks web traffic based on DNS queries.  We have been using OpenDNS with FortiClient in other environments successfully for years.  The main difference in this environment from others is this one uses the free VPN only client where others that haven't had this issue were full, EMS-Controlled FortiClient implementations.

vtsonev
Staff
vtsonev
Staff
March 10, 2022

Hi Jeff,

 

I am sorry about the confusion. (overlooked with OpenVPN)

 

Looking about this compatibility problem I found the following information on the OpenDNS vendor site:

https://support.umbrella.com/hc/en-us/articles/230561147-Umbrella-Roaming-Client-VPNs-and-Software-Compatibility

The IP Layer Enforcement feature of the Roaming Client is incompatible with:

Built-in OS X VPN client
F5 VPN
> Fortinet FortiClient
SonicWALL VPN (some environments)
Checkpoint VPN
It is known to be compatible with the following VPN Clients only. If it is not on this list, and you are experiencing an issue, disable IP Layer Enforcement and confirm if the issue also resolves.

 

 

There have been multiple similar issues in the past reported by customers ( between OpenDNS and Forticlient). On the paid-license version you can try changing Forticlient's control of the DNS Cache Service under VPN>SSL VPN in the EMS profile. Unfortunately you have an issue on the free version where this option is not available.

 

Best regards,

Vasil

jeff_sailers
jeff_sailersAuthor
New Member
March 10, 2022

This is interesting info.... thank you for sending.  We'll try disabling IP Layer Enforcement and report back here on whether that helps any.

Terms & ConditionsAccessibility statement