Technical Tip: Windows FortiClient Disable Internet Connectivity Check for Dialup VPN

FortiKoala · ‎11-28-2017

Description

This article describes that in a closed environment, i.e. a network with no internet access, before v5.6.2, FortiClient will not dial-up because it uses the windows internet check to verify network connectivity.

Scope

FortiClient.

Solution

Allow auto-connect dial-up VPN to run after a reboot of the Windows Client in a closed environment

Configuration
In the Windows FortiClient

Backup the FortiClient Configuration
Edit the FortiClient configuration file you will find a new xml option <disable_internet_check> under <VPN>.
Modify 0 to 1 then restore the xml configuration file again

<vpn>
<options>
...
<disable_internet_check>0</disable_internet_check>
</options>

Note:
This feature refers to the Windows Network Connection Status Indicator (NCSI). Even in a network with internet access, NCSI function probes may fail if the destination is restricted. The above option is also valid in such cases.

Related documents:
VPN options
https://learn.microsoft.com/en-us/windows-server/networking/ncsi/ncsi-overview

https://learn.microsoft.com/en-us/windows-server/networking/ncsi/ncsi-frequently-asked-questions

Technical Tip: Windows FortiClient Disable Internet Connectivity Check for Dialup VPN

You are leaving our website