FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jbindra
Staff
Staff
Article Id 272880
Description

This article describes that the FortiClient user connects successfully and gets a valid IP address given via DHCP and is shown on the FortiClient connection page.

However, the user cannot access anything on the internal network because the Fortinet SSL VPN Virtual Ethernet Adapter gets an automatic IP (APIPA, 169.254.x.x) and not the one given by the DHCP enabled under the SSL VPN Settings ->  Tunnel mode client settings in FortiGate.

Scope FortiGate, FortiClient.
Solution

The users can connect to the SSL VPN successfully, and FortiClient receives the correct IP address.

However, the routes are not showing up on the user's PC.

 

client.png

 

This issue is due to the Microsoft update (KB2693643) on Windows 11.

KB2693643 is not compatible with the Windows 11.

To verify if the Windows 11 machine has KB2693643 Installed, use either or all of the below commands:

 

systeminfo | findstr "KB2693643"

wmic qfe list full /format:table | findstr /i "2693643"

(In Powershell) > Get-HotFix | Sort-Object InstalledOn -Descending | findstr "2693643"

 

Check if the user is using Windows 11 22H2 version, the user may have installed Remote Server Administration Tools (KB2693643) on the Windows system.

 

Uninstall the KB2693643 by running the following command on the command prompt (opened as Administrator): 

 

wusa /uninstall /kb:2693643 

 

Capture.PNG

 

After running the command, a pop window will display, Select 'yes' to confirm

 

Following this, disconnect from FortiClient and connect with it again, this time the user will be able to access the internal resources behind the FortiGate.

It is also possible to uninstall the KB2693643 using the following steps in the Windows 11 Machine where the user is connected to the FortiClient VPN:

 

Select Start -> Settings -> Windows Update -> Update history -> Uninstall updates.

win11.png

 

 

After uninstalling the Microsoft Update KB2693643, reconnect to the FortiClient.