Description | This article describes the case where the Windows Firewall does not switch to the Domain profile after a VPN connection is established, which blocks traffic. |
Scope | FortiClient. |
Solution |
FortiClient takes some time to install routes in the endpoint routing table. Sometimes, that lag is significant enough to cause Domain misidentification.
The Windows registry can be edited to disable the 'Domain Discovery negative cache' and the 'DNS negative cache', which improves how the Network Location Awareness (NLA) service performs domain detection.
Registry script (Save this script to VPN.reg and run it):
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
After adding these registry keys, reboot the Windows device.
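To confirm after the reboot that the VPN interface is detected as Domain, and to measure how long the detection lags behind the connection, the following PowerShell check can be run right after the VPN connects. It is an added example, not part of the original article or a Fortinet script; the adapter alias, timeout and polling interval are assumptions to adjust for the endpoint.

```powershell
# Added example (not Fortinet's script): verify NLA domain detection on the VPN adapter.
param(
    # Assumption: alias of the VPN adapter; list the candidates with Get-NetAdapter.
    [string]$InterfaceAlias = '<VPN adapter alias>',
    # Assumption: how long to wait for NLA and how often to re-check.
    [int]$TimeoutSeconds = 120,
    [int]$PollSeconds = 5
)

$netlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Show the values currently present under the key the registry script edits,
# so the imported settings can be confirmed after the reboot.
Get-ItemProperty -Path $netlogonKey |
    Select-Object -Property * -ExcludeProperty PS* |
    Format-List

# Poll the network category NLA assigned to the VPN interface.
# Windows Firewall applies the Domain profile only when it is DomainAuthenticated.
$watch = [System.Diagnostics.Stopwatch]::StartNew()
$category = $null
while ($watch.Elapsed.TotalSeconds -lt $TimeoutSeconds) {
    $connProfile = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias -ErrorAction SilentlyContinue
    if ($connProfile) {
        $category = $connProfile.NetworkCategory
        Write-Host ('{0,4:N0}s  {1}: {2}' -f $watch.Elapsed.TotalSeconds, $InterfaceAlias, $category)
        if ("$category" -eq 'DomainAuthenticated') { break }
    } else {
        Write-Host ('{0,4:N0}s  {1}: no connection profile yet' -f $watch.Elapsed.TotalSeconds, $InterfaceAlias)
    }
    Start-Sleep -Seconds $PollSeconds
}

if ("$category" -eq 'DomainAuthenticated') {
    Write-Host ("Domain detected after {0:N0} seconds." -f $watch.Elapsed.TotalSeconds)
} else {
    Write-Warning ("Interface is still '{0}' after {1} seconds; the Domain firewall profile is not applied." -f $category, $TimeoutSeconds)
    # List every interface's category to see which profile the endpoint fell back to.
    Get-NetConnectionProfile | Format-Table InterfaceAlias, Name, NetworkCategory
}
```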
Copyright 2024 Fortinet, Inc. All Rights Reserved.