This article describes how to prevent the dynamic DNS updates that FortiClient performs on an SSL VPN connection. These updates may affect the FortiNAC tag.
FortiClient VPN, FortiClient EMS, FortiNAC.
By default, FortiClient EMS and FortiClient VPN try to perform a dynamic DNS update on an SSL VPN connection. In some scenarios with FortiNAC_tag, this may cause issues with the FSSO Collector Agent, because the 'IP address change timer' will detect an update in the IP address.
To prevent this, set the no_dns_registration parameter to '1'.
Go to Endpoint Profiles\ Remote Access\ [Profile name]\ XML\ Edit, locate no_dns_registration and set it to 1.
Save changes and wait for the next FortiClient EMS Telemetry update.
Select the engine icon\ Backup\ set name\ set file location\ set password and select OK.
Open the backup file with a plain text editor such as Notepad or Notepad++, change no_dns_registration from 0 to 1, then save.
Restore the backup: select the engine icon\ Restore\ search for the backup file\ set password\ OK.
Parameters:
0: FortiClient will try to register ALL NIC addresses in DNS (default parameter).
1: FortiClient will NOT register any IP.
2: FortiClient will try to register ONLY the SSL VPN tunnel IP in DNS.
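The backup-file edit described above, scripted in Python so that the previous value is reported and an invalid value is rejected. This is an added example, not part of the original article or Fortinet tooling; the sample XML and its element nesting are constructed assumptions, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Meanings of no_dns_registration as listed in the article.
MODES = {
    "0": "register all NIC addresses in DNS (default)",
    "1": "register no IP address",
    "2": "register only the SSL VPN tunnel IP",
}

# Constructed sample; the element nesting is an assumption, not from the article.
SAMPLE_BACKUP = """<forticlient_configuration>
  <vpn>
    <sslvpn>
      <options>
        <enabled>1</enabled>
        <no_dns_registration>0</no_dns_registration>
      </options>
    </sslvpn>
  </vpn>
</forticlient_configuration>"""


def set_no_dns_registration(xml_text, value="1"):
    """Return (updated_xml, previous_values) with every no_dns_registration set to value."""
    if value not in MODES:
        raise ValueError(f"no_dns_registration must be one of {sorted(MODES)}")
    root = ET.fromstring(xml_text)
    # Search by tag name so the result does not depend on the exact nesting.
    nodes = list(root.iter("no_dns_registration"))
    if not nodes:
        # Refuse to guess where the element belongs; the input is left untouched.
        raise LookupError("no_dns_registration not found in this configuration")
    previous = [(n.text or "").strip() for n in nodes]
    for n in nodes:
        n.text = value
    return ET.tostring(root, encoding="unicode"), previous


if __name__ == "__main__":
    updated, before = set_no_dns_registration(SAMPLE_BACKUP, "1")
    for old in before:
        print(f"was {old!r}: {MODES.get(old, 'unrecognised value')}")
    print(updated)
```

ElementTree drops the XML declaration and comments when it re-serialises, so compare the output with the original file before restoring it.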