FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 206686

This article will explain how to resolve the issue when the customer is seeing both the local adaptor IP and SSL VPN adaptor IP on the local DNS server.

Scope FortiGate/FortiClient

Local IP: The IP assigned to the end-user network adaptor might be LAN or WI-FI.

SSL VPN IP: The IP assigned from the FortiGate to the SSL VPN adaptor.


When the end-user is connected to the SSL VPN and gets the internal DNS IP address from the FortiGate, this error occurs.

Below is a sample output from the user's PC after connecting to SSL VPN.



Entry on the DNS server for the same user after connecting to SSL VPN


The solution to resolve this issue is described below:


Step 1> Take the XML backup of the FortiClient using the below link.

Step 2> Open the backup file using notepad.

Step 3 > Search for the below keyword in the notepad and change the value to 2.

" no_dns_registration"

Step 4 > While searching the keyword two lines can be found, do the changes on both.

Step 5 > After the changes save the file and import it again to the FortiClient.

Step 6 > After that tried to connect the FortiClient and now the SSL VPN IP on the local DNS server can be seen.


Below is the change in DNS entry in the server:



If no_dns_registration=1, only the physical network adapter's "Register This Connection's Address in DNS" is selected.
If no_dns_registration=2, only the tunnel interface's "Register This Connection's Address in DNS" is selected.
if no_dns_registration=0 both physical and tunnel interface's "Register This Connection's Address in DNS" is selected.