Description
This article describes about an issue where after connecting to SSLVPN via FortiClient, users may experience connection issues for up to 10 minutes on Dell laptops with Windows 10/11.
This affects both setups with split-tunneling enabled, where FortiClient pushes the split subnets to the Windows routing table, and setup where all user traffic is sent to the tunnel.
Scope
- FortiClient 6.4, 7.0, FortiGate 6.4, 7.0
- Windows 10, Windows 11
- Dell laptops with Dell Optimizer software
Solution
When checking the routing table with route print in cmd, an extra route can be seen that points to the local gateway.
This can disrupt the connection to the internal DNS server and/or domain controller.
Example routing table right after connecting:
Network Destination | Netmask | Gateway | Interface | Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.145 45
0.0.0.0 0.0.0.0 172.16.1.2 172.16.1.1 1
10.10.0.0 255.255.255.0 192.168.1.1 192.168.1.145 46 <--- Route injected via VPN but pointing to 192.168.1.145 which is user local gateway
After routing update:
Network Destination | Netmask | Gateway | Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.145 50
0.0.0.0 0.0.0.0 172.16.1.2 172.16.1.1 1
10.10.0.0 255.255.255.0 172.16.1.2 172.16.1.1 2 <--- Route updated to SSLVPN gateway
To address this issue, uninstall Dell Optimizer or at least disable ExpressConnect:
https://www.dell.com/support/manuals/cs-cz/dell-optimizer/dell-optimizer-2.0_ug/network-(expressconn...
