FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
ctanev1
Staff
Staff
Description
This article describes DNS issue with FortiClient SSL VPN when IPv6 is enabled on the endpoint network adapter.

Solution
SSL VPN does not support dual stack IPv4/IPv6.

When IPv6 is enabled on the endpoint network adapter. Windows always prefer IPv6 over IPv4.

Using FortiClient xml configuration <block_ipv6>1</block_ipv6>,it is possible that IPv6 traffic to be blocked.
<forticlient_configuration>
<vpn>
<sslvpn>
<options>
<block_ipv6>1</block_ipv6>
https://docs.fortinet.com/document/forticlient/6.4.2/xml-reference-guide/858086/ssl-vpn

When this setting is 1, FortiClient blocks IPv6 connection.
FortiClient uses only IPv4 connectivity when the SSL VPN tunnel is up.


Contributors