Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Sgagan
Staff
Staff

Created on ‎02-20-2023 09:40 PM Edited on ‎09-21-2023 09:49 PM By Moderator

Article Id 246532

Technical Tip: Disable IPv6 SSL VPN

Description This article describes a DNS issue where FortiClient is trying to do DNS lookup using IPv6 when it is enabled on the endpoint network adapter while using SSL VPN.  
Scope FortiGate, FortiClient.
Solution

When IPv6 is enabled on the network adapter settings on the Endpoint device, Windows would prefer IPv6 over IPv4. 

 

To get an IPv4 address, it is possible to make these changes on the configuration file of FortiClient.

 

  1. Take the backup of the current FortiClient configuration:

 

Sgagan_0-1676925373870.png

 

  1. Open the FortiClient Backup(.conf) with the text editor. 

     

  2. Search for <block_ipv6>0</block_ipv6> under <sslvpn> and change the digit from 0 to 1.


     Sgagan_1-1676925373872.png

     

     

  3. When this setting is 1, FortiClient blocks IPv6 Connection and uses IPv4 only when the SSL VPN tunnel is up. 

     

  4. After making the change, save and restore the file back to the FortiClient.

     

  5. Connect to FortiClient and the IPv4 address will be now visible.
8836
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.