FortiGate
syadav
Staff
Article Id 232479

Description

 

This article explains common behavior seen by users after connecting to the remote access VPN on FortiGate in full tunnel mode with FortiClient.

 

Scope

 

FortiGate: connections to the remote access VPN.

 

Solution

 

When users connect to the remote access VPN (dial-up IPsec or SSL VPN), the default gateway on one client may be the IP address assigned to another user's virtual adapter, as shown below.

 

Client01

IP Configuration: (screenshot: syadav_0-1670378847166.png)

Route Table: (screenshot: syadav_1-1670378847168.png)

Client02

IP Configuration: (screenshot: syadav_2-1670378847174.png)

Route Table: (screenshot: syadav_3-1670378847176.png)

 

The default gateway of Client01 is the same as the IP assigned to Client02's virtual adapter, 10.212.134.201.

 

This behavior is expected when users are connected to the remote access VPN (including SSL VPN and dial-up IPsec) using full-tunnel mode with FortiClient.

This behavior is caused by a limitation in Windows where a route entry cannot use its own IP as the gateway address. Instead, the gateway address is set to the assigned IP + 1.
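A triage check for the behavior described above, added here as an example and not taken from the original article: it parses Windows `route print` rows and marks the VPN adapter's default route as expected when its gateway equals the assigned IP + 1, reporting which other user (if any) holds that address. The sample route rows, Client01's address 10.212.134.200 (inferred from the +1 rule), the lease table and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `route print` IPv4 rows for Client01 (not taken
# from the article's screenshots). Columns: destination, netmask, gateway,
# interface, metric. 10.212.134.200 is inferred from the "assigned IP + 1" rule.
SAMPLE_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     50
          0.0.0.0          0.0.0.0   10.212.134.201   10.212.134.200      1
   10.212.134.200  255.255.255.255         On-link    10.212.134.200    257
"""


def default_routes(route_text):
    """Yield (gateway, interface) for each IPv4 default route with an IP gateway."""
    for line in route_text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[:2] != ["0.0.0.0", "0.0.0.0"]:
            continue  # header, separator, or non-default route
        try:
            yield ipaddress.IPv4Address(cols[2]), ipaddress.IPv4Address(cols[3])
        except ipaddress.AddressValueError:
            continue  # non-IP gateway such as "On-link"


def triage(route_text, vpn_ip, pool_leases):
    """Classify default routes bound to the VPN virtual adapter.

    pool_leases maps assigned IP (str) -> user, e.g. exported from the VPN
    gateway's session list (hypothetical input format).
    """
    vpn_ip = ipaddress.IPv4Address(vpn_ip)
    findings = []
    for gateway, interface in default_routes(route_text):
        if interface != vpn_ip:
            continue  # default route of a physical adapter, out of scope
        # Expected full-tunnel behavior: gateway is the client's own IP + 1,
        # which may coincide with another user's lease.
        verdict = "expected" if gateway == vpn_ip + 1 else "investigate"
        findings.append((verdict, str(gateway), pool_leases.get(str(gateway))))
    return findings


if __name__ == "__main__":
    leases = {"10.212.134.200": "Client01", "10.212.134.201": "Client02"}
    for verdict, gw, holder in triage(SAMPLE_ROUTES, "10.212.134.200", leases):
        print(f"{verdict}: gateway {gw} (leased to {holder or 'nobody'})")
```

A default route on the virtual adapter whose gateway is anything other than the assigned IP + 1 falls outside the behavior this article describes and is returned as `investigate`.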