Troubleshooting Tip: iPhone users unable to connect to FortiClient SSL VPN

SAJUDIYA · ‎01-03-2024

Description

This article explains and offers solutions for an issue where iPhone users specifically are unable to connect to a FortiClient SSL VPN while other users can connect to the split tunnel.

Scope

All products, FortiClient SSL VPN.

Solution

Due to iOS limitations, the DNS suffixes are not used for searches as in Windows. Using short names (i.e. not fully qualified domain names (FQDNs)) may not be possible.
To fix this, configure the DNS suffix to allow iPhone users to connect to SSL VPN with a split tunnel.
To use the SSL DNS server for a split tunnel, configure the DNS suffix on the FortiGate side. The following is an example of configuring the SSL DNS server for a split tunnel using FortiOS:

config vpn ssl settings

set dns-suffix

"domain1.com;domain2.com;domain3.com;domain4.com;domain5.com;domain6.com;domain7.com;domain8.com"

set dns-server1 10.10.10.10

set dns-server2 10.10.10.11

end

config vpn ssl web portal

edit "full-access"

set dns-server1 10.10.10.10

set dns-server2 10.10.10.11

set split-tunneling enable

See the FortiClient administration guide for setup instructions.

Related article:

Technical Tip: Assign an internal DNS server through the dns-suffix setting for iPhone

Troubleshooting Tip: iPhone users unable to connect to FortiClient SSL VPN

You are leaving our website