FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ksolovjova
Staff
Staff

Description

 

This article describes about an issue where after connecting to SSLVPN via FortiClient, users may experience connection issues for up to 10 minutes on Dell laptops with Windows 10/11.


This affects both setups with split-tunneling enabled, where FortiClient pushes the split subnets to the Windows routing table, and setup where all user traffic is sent to the tunnel.

 

Scope

 

- FortiClient 6.4, 7.0, FortiGate 6.4, 7.0

- Windows 10, Windows 11

- Dell laptops with Dell Optimizer software


Solution

 

When checking the routing table with route print in cmd, an extra route can be seen that points to the local gateway.

This can disrupt the connection to the internal DNS server and/or domain controller.

 

Example routing table right after connecting:

 

Network Destination | Netmask | Gateway | Interface | Metric
0.0.0.0  0.0.0.0  192.168.1.1  192.168.1.145  45
0.0.0.0  0.0.0.0  172.16.1.2  172.16.1.1  1
10.10.0.0  255.255.255.0  192.168.1.1  192.168.1.145  46 <--- Route injected via VPN but pointing to 192.168.1.145 which is user local gateway


After routing update:

 

Network Destination | Netmask | Gateway | Interface Metric
0.0.0.0  0.0.0.0  192.168.1.1  192.168.1.145  50
0.0.0.0  0.0.0.0  172.16.1.2  172.16.1.1  1
10.10.0.0  255.255.255.0  172.16.1.2  172.16.1.1  2 <--- Route updated to SSLVPN gateway

 

To address this issue, uninstall Dell Optimizer or at least disable ExpressConnect:

 

https://www.dell.com/support/manuals/cs-cz/dell-optimizer/dell-optimizer-2.0_ug/network-(expressconn...

Contributors