FortiClient
adriellousada
Article Id 407043
Description This article demonstrates how to activate FlushDNS in the SSL VPN connection when Split DNS is being used.
Scope FortiClient EMS 7.2.10 | FortiClient 7.2.10 and 7.2.11.
Solution

In certain scenarios, the SSL VPN split DNS feature may not work correctly, and the user has to run the ipconfig /flushdns command manually to solve the problem.

To correct this issue, the <traffic_keep_strategy> tag must be set to 1 in the XML settings of the VPN profile.

Follow the steps below to make this change:

  1. Access the EMS.
  2. Navigate to 'Endpoint Profiles' -> 'Remote Access'.
  3. Edit the VPN profile used in the environment.
  4. In the upper right corner, select XML.
  5. In the new screen, select Edit (next to the Save button).
  6. Locate the <connections> tag.
  7. Within this section, identify the <name> tag corresponding to the VPN to be modified.
  8. Insert <traffic_keep_strategy>1</traffic_keep_strategy> in the <connection> block that contains that <name> tag, alongside <name> rather than nested inside it.

The resulting snippet will be similar to the example below:

[...]
<connections>
  <connection>
    <name>VPN Name</name>
    <uid>02027951-4130-47E9-BBA1-EB05BCDDE76</uid>
    <machine>0</machine>
    <traffic_keep_strategy>1</traffic_keep_strategy>
[...]

Once this change is made, flushdns runs from time to time, so split DNS keeps working without the user running ipconfig /flushdns manually.
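
The steps above can be checked against an exported profile XML before it is pasted back into EMS. The Python below is an added example, not Fortinet's code: it sets <traffic_keep_strategy> to 1 on the <connection> whose <name> matches and reports whether anything changed. The wrapper element, the uid value and the function name enable_flushdns are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the wrapper element is a placeholder and the uid is made up.
SAMPLE = """<profile_fragment>
  <connections>
    <connection>
      <name>VPN Name</name>
      <uid>00000000-0000-0000-0000-000000000000</uid>
      <machine>0</machine>
    </connection>
    <connection>
      <name>Other VPN</name>
      <machine>0</machine>
      <traffic_keep_strategy>0</traffic_keep_strategy>
    </connection>
  </connections>
</profile_fragment>"""

TAG = "traffic_keep_strategy"


def enable_flushdns(xml_text, vpn_name):
    """Return (new_xml, changed); raise LookupError if the VPN name is not found."""
    root = ET.fromstring(xml_text)
    matches = [c for c in root.iter("connection")
               if (c.findtext("name") or "").strip() == vpn_name]
    if not matches:
        raise LookupError(f"no <connection> named {vpn_name!r}")
    changed = False
    for conn in matches:
        node = conn.find(TAG)
        if node is None:
            # Place the tag right after <machine>, as in the article's snippet,
            # or after <name> when <machine> is absent.
            anchor = conn.find("machine")
            if anchor is None:
                anchor = conn.find("name")
            node = ET.Element(TAG)
            node.tail = anchor.tail
            conn.insert(list(conn).index(anchor) + 1, node)
        if (node.text or "").strip() != "1":
            node.text = "1"
            changed = True
    return ET.tostring(root, encoding="unicode"), changed
```

Running it a second time on its own output returns changed as False, which makes it usable as a compliance check as well as an edit.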