FortiGate
aruns
Staff
Article Id 219120
Description

This article describes how to allow Internet access on a FortiClient PC while FortiClient is prompting for the FortiToken code.

Scope

FortiGate Dial-up IPsec VPN configuration with Split-Tunnel and 2FA Email.
Solution

Export the FortiClient configuration file.

Under Settings -> System -> Restore a Configuration -> Backup, save the file to the local disk.

Open the FortiClient backup configuration file in Notepad or Notepad++ and modify the settings below.

<implied_SPDO>1</implied_SPDO>

<implied_SPDO_timeout>200</implied_SPDO_timeout>

Import the FortiClient configuration file.

Under Settings -> System -> Restore a Configuration -> Restore, select the modified FortiClient configuration file.

Reason:
'implied_SPDO' - When this setting is 0, FortiClient only allows traffic from ports 500 and 4500.
When this setting is 1, FortiClient allows other traffic during the connection phase, including Internet traffic.

'implied_SPDO_timeout' - FortiClient retains entries in the SPDO for 200 seconds after they are created, then clears them automatically if there is no related activity. 200 seconds is a good amount of time to wait for and enter the FortiToken code.
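
An added example, not part of the original article or of Fortinet's tooling: a Python script that applies the two values above to every IPsec connection in an exported backup and reports what it changed, so the edit can be checked when the file holds several tunnels. The sample XML, its nesting (`ipsecvpn`, `connection`, `ike_settings`) and the connection names are constructed assumptions; only `implied_SPDO` and `implied_SPDO_timeout` come from the article.

```python
import xml.etree.ElementTree as ET

# The two settings and values the article sets.
TARGETS = {"implied_SPDO": "1", "implied_SPDO_timeout": "200"}

# Constructed sample standing in for an exported backup. The nesting and the
# connection names are assumptions; a real export holds many more elements.
SAMPLE_BACKUP = """<forticlient_configuration>
  <vpn><ipsecvpn><connections>
    <connection>
      <name>branch-a</name>
      <ike_settings>
        <implied_SPDO>0</implied_SPDO>
        <implied_SPDO_timeout>0</implied_SPDO_timeout>
      </ike_settings>
    </connection>
    <connection>
      <name>branch-b</name>
      <ike_settings><implied_SPDO>1</implied_SPDO></ike_settings>
    </connection>
  </connections></ipsecvpn></vpn>
</forticlient_configuration>"""


def apply_spdo_settings(xml_text, targets=TARGETS):
    """Return (new_xml, changes, missing) for every IPsec connection.

    changes: (connection, setting, old, new) for each element rewritten.
    missing: (connection, setting) where the element is absent. Nothing is
    inserted there: where a new element belongs is not stated in the article.
    """
    root = ET.fromstring(xml_text)
    changes, missing = [], []
    for vpn in root.iter("ipsecvpn"):          # assumed parent of the tunnels
        for conn in vpn.iter("connection"):
            name = (conn.findtext("name") or "?").strip()
            for tag, wanted in targets.items():
                elems = list(conn.iter(tag))
                if not elems:
                    missing.append((name, tag))
                for el in elems:
                    old = (el.text or "").strip()
                    if old != wanted:
                        el.text = wanted
                        changes.append((name, tag, old, wanted))
    return ET.tostring(root, encoding="unicode"), changes, missing


if __name__ == "__main__":
    _, changes, missing = apply_spdo_settings(SAMPLE_BACKUP)
    print("changed:", changes)
    print("missing (edit by hand):", missing)
```

`ET.tostring` drops the XML declaration and any comments, so compare the output with the original export before restoring it.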