Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
ctanev1
Staff
Staff

Created on ‎02-04-2021 01:49 AM

Article Id 197789

Technical Tip: DNS issue with FortiClient SSL VPN when IPv6 is enabled on the endpoint network adapter

Description
This article describes DNS issue with FortiClient SSL VPN when IPv6 is enabled on the endpoint network adapter.

Solution
SSL VPN does not support dual stack IPv4/IPv6.

When IPv6 is enabled on the endpoint network adapter. Windows always prefer IPv6 over IPv4.

Using FortiClient xml configuration <block_ipv6>1</block_ipv6>,it is possible that IPv6 traffic to be blocked.
<forticlient_configuration>
<vpn>
<sslvpn>
<options>
<block_ipv6>1</block_ipv6>
https://docs.fortinet.com/document/forticlient/6.4.2/xml-reference-guide/858086/ssl-vpn

When this setting is 1, FortiClient blocks IPv6 connection.
FortiClient uses only IPv4 connectivity when the SSL VPN tunnel is up.

34545
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.