Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
ctanev1
Staff & Editor
Staff & Editor

Created on ‎02-04-2021 01:49 AM Edited on ‎08-14-2025 06:27 AM By Community Manager

Article Id 197789

Technical Tip: DNS issue with FortiClient SSL VPN when IPv6 is enabled on the endpoint network adapter

Description

 

This article describes a DNS issue with FortiClient SSL VPN when IPv6 is enabled on the endpoint network adapter.

 

Scope

 

FortiClient.

Solution


SSL VPN does not support dual-stack IPv4/IPv6.

When IPv6 is enabled on the endpoint network adapter. Windows always prefers IPv6 over IPv4.

Issues may be faced where the IPv6 address and route are not being received.

Within the FortiClient XML configuration file, verify the value for blocking IPv6.

 

<block_ipv6>1</block_ipv6>

<forticlient_configuration>
<vpn>
<sslvpn>
<options>
<block_ipv6>1</block_ipv6>

 

Related document:

SSL VPN

Set the block IPv6 setting to '1', so FortiClient blocks the IPv6 connection. FortiClient uses only IPv4 connectivity when the SSL VPN tunnel is up.

38375
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.