Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
SAJUDIYA
Staff
Staff

Created on ‎01-03-2024 10:47 AM

Article Id 292333

Troubleshooting Tip: iPhone users unable to connect to FortiClient SSL VPN

Description

This article explains and offers solutions for an issue where iPhone users specifically are unable to connect to a FortiClient SSL VPN while other users can connect to the split tunnel.
Scope All products, FortiClient SSL VPN.
Solution
  • Due to iOS limitations, the DNS suffixes are not used for searches as in Windows. Using short names (i.e. not fully qualified domain names (FQDNs)) may not be possible.

  • To fix this, configure the DNS suffix to allow iPhone users to connect to SSL VPN with a split tunnel.

  • To use the SSL DNS server for a split tunnel, configure the DNS suffix on the FortiGate side. The following is an example of configuring the SSL DNS server for a split tunnel using FortiOS:

config vpn ssl settings

set dns-suffix

"domain1.com;domain2.com;domain3.com;domain4.com;domain5.com;domain6.com;domain7.com;domain8.com"

set dns-server1 10.10.10.10

set dns-server2 10.10.10.11

end

 

config vpn ssl web portal

edit "full-access"

set dns-server1 10.10.10.10

set dns-server2 10.10.10.11

set split-tunneling enable

next

end

 

See the FortiClient administration guide for setup instructions.
7168
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.