Description
This article describes how to avoid Dynamic DNS updates performed by FortiClient SSL VPN connection. This may affect the FortiNAC Tag.
Scope
FortiClient VPN, FortiClient EMS, FortiNAC.
Solution
FortiClient EMS and FortiClient VPN by default try to perform a dynamic DNS update in an SSL VPN connection. In some scenarios with FortiNAC_tag this may cause issues with the FSSO Collector Agent because a due 'IP address change timer' will detect an update in IP address.
To prevent this it is necessary to set to '1' in the no_dns_registration parameter.
- FortiClient EMS.
Endpoint Profiles\ Remote Access\ [Profile name]\ XML\ edit\ no_dns_registration and set 1.
Save changes and wait for the next FortiClient EMS Telemetry update.
- FortiClient VPN.
Select engine icon\ Backup\ Set name\ Set file location\ Set password and OK.
Open a backup file with a simple text editor as notepad/notepad++ and modify no_dns_registration 0 ->1, then save.
Restore backup, select engine icon\ restore\ search for backup file\ set password\ ok.
Parameters:
0 FortiClient will try to register ALL NIC address in DNS (default parameter).
1 FortiClient will NOT register any IP.
2 FortiClient will try to register ONLY VPN-SSL tunnel IP in DNS.
Related document:
