Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rpoon
New Contributor

IPv6 causing SSL VPN connection issue

We used to have FortiClient version 6.2.6 and it works well on SSL VPN connection to our corporate network (gateway FortiOS version 6.4.3).  Once we upgraded to FortiClient 6.4.3, we start getting intermittent connectivity issue in that user cannot access network resources due to DNS resolution failure.  It's found to be caused by client's network interface attempts to query DNS through IPv6 and failed.  It then stop there without attempting querying IPv4 DNS.  We are stuck with no solution from Fortigate and desperately need to resolve it.  Does anyone encounter similar issue and can share some ideas?

 

Thanks

1 Solution
isamt

So far we have not encountered any issues with IPv6 enabled home users, however it was only a small percentage of our users that have IPv6 enabled Internet connections so can't say for 100% certainty yet.

 

FortiClient is independent of the Fortigate firmware version so yes you need EMS 7.0 or later and you may need to convert your EMS licences to version 6.4 at least then other than that you can upgrade your clients to 7.0 so not a lot of work at all.

View solution in original post

5 REPLIES 5
isamt
Contributor

I have encountered the same issue.

Resolutions was to disable IPV6 on the network adaptor at the client end.

 

 

rpoon
New Contributor

Unfortunately, Fortinet team seems uninterested in providing a viable solution to the issue.  We have over 1000 clients and need a centrally managed deployment of the solution.  Also concern if disabling IPv6 on the client may cause any other issue that we are not aware of.

isamt

Your best option is to upgrade to FortiClient 7.0.0 or 7.0.1 which support dual stack IPv4 and IPv6

 

I'm currently upgrading users to 7.0.0 which is significantly better than the previous versions of the client.

 

rpoon
New Contributor

Does it work with IPv6 remaining enabled?  The upgrade notes mentioned that I have to upgrade EMS Server to 7.0 to match with that.  May also need to upgrade Fortigate and other connecting components too.  A lot of preparations required.

isamt

So far we have not encountered any issues with IPv6 enabled home users, however it was only a small percentage of our users that have IPv6 enabled Internet connections so can't say for 100% certainty yet.

 

FortiClient is independent of the Fortigate firmware version so yes you need EMS 7.0 or later and you may need to convert your EMS licences to version 6.4 at least then other than that you can upgrade your clients to 7.0 so not a lot of work at all.