forti4sure
New Contributor

SSL VPN blocks internet traffic (split dns connection) when connected but ONLY for a specific user

So, MS Surfaces and FortiClient VPN have been one of my nemeses at a specific site for a specific user.

Previously, when we upgraded his Surface Pro a few years ago, when he'd connect via SSL VPN, internet connectivity would slow way down. At that time we were using the free FortiClient and got permission from Fortinet to get a trial version of the paid client to see if the issue was FC related. After a lot of back and forth, the issue was resolved and the user and I were happy. I am going to review that ticket again and make sure there wasn't some kind of workaround put in place that may be affecting this.

Fast forward to the beginning of June: we replaced his Surface and used our typical tool (TransWiz) to transfer his existing Windows profile to the new machine, and he was happy. A few days later I get advised that when FortiClient Free VPN is connected, ALL internet traffic that's not across the link stops; for example, if I have a remote session with him I lose connectivity. Also he can't use Zoom or email etc. None of this is normal with his prior machine, and this does not occur for the 30 other users either (mix of both Mac and PC laptops and other Surfaces).

For troubleshooting, removed and reinstalled FC, then installed the latest version from 2 weeks ago, no change. Further testing indicates this ONLY occurs with his AD specific VPN user login, and it doesn't matter which Windows profile we use (his, a local admin or a domain admin); all experience the same issue. While logged into any Windows profile, if I use a different user for the FC connection, there are no issues at all. It works as expected and the split connection also works as expected.

Background:

All SSL VPN connections require MFA. When a connection comes in, the firewall (100E) checks the internal RADIUS server, which checks AD and then forwards the request to the external MFA server. The MFA app on the iPhone then requests approval and, if approved, the VPN connection is allowed.

Any ideas or suggestions?

2 REPLIES
Anthony_E
Community Manager

Hello forti4sure,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Anthony-Fortinet Community Team.
Muhammad_Haiqal

Hi there,

Thank you for the explanation.
From my understanding, you have already isolated the issue and it's more of a username issue.
On the AD server, please verify whether that username has been locked due to too many attempts or has expired. You may consider resetting the password too.

Hope that helps.

haiqal