jeff_sailers
New Contributor

VPN-Only Free FortiClient Issues with OpenDNS

We are having issues with the free VPN-Only FortiClient on computers that are also running the OpenDNS Umbrella client.  The issue is intermittent and happens only with some users, sometimes.  The issue that seems to occur is that computers aren't getting DNS servers assigned to the FortiClient interface sometimes.  Other times, we do see the DNS server, but we can't resolve DNS names.  In some cases, we've been able to disable the Umbrella client and name resolution starts to work, but not every time.

Anyone seen something like this before?

vtsonev
Staff

Hello Jeff,


Fortinet doesn't recommend installing FortiClient in parallel with other VPN software solutions on the same workstations. In such cases there might be different kinds of problems.

I would say that the behavior you observed is expected.

 

Best regards,

Vasil

Fortinet Technical Team Lead
NSE 1-4,7 Certified
jeff_sailers

Thanks for the input, but to clarify, OpenDNS isn't VPN software.  It is a web content filtering product that blocks web traffic based on DNS queries.  We have been using OpenDNS with FortiClient in other environments successfully for years.  The main difference in this environment from others is this one uses the free VPN only client where others that haven't had this issue were full, EMS-Controlled FortiClient implementations.

vtsonev
Staff

Hi Jeff,


I am sorry about the confusion (I mixed it up with OpenVPN).

Looking into this compatibility problem, I found the following information on the OpenDNS vendor site:

https://support.umbrella.com/hc/en-us/articles/230561147-Umbrella-Roaming-Client-VPNs-and-Software-C...

The IP Layer Enforcement feature of the Roaming Client is incompatible with:

Built-in OS X VPN client
F5 VPN
> Fortinet FortiClient
SonicWALL VPN (some environments)
Checkpoint VPN
It is known to be compatible with the following VPN Clients only. If it is not on this list, and you are experiencing an issue, disable IP Layer Enforcement and confirm if the issue also resolves.


There have been multiple similar issues in the past reported by customers (between OpenDNS and FortiClient). On the paid-license version you can try changing FortiClient's control of the DNS Cache Service under VPN>SSL VPN in the EMS profile. Unfortunately you have an issue on the free version where this option is not available.

 

Best regards,

Vasil

Fortinet Technical Team Lead
NSE 1-4,7 Certified
jeff_sailers

This is interesting info.... thank you for sending.  We'll try disabling IP Layer Enforcement and report back here on whether that helps any.
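
A diagnostic for telling the two symptoms described in this thread apart (no DNS servers on the VPN interface versus servers present but names not resolving), added here as an example and not posted by any participant. It assumes a Windows client with the VPN connected; the adapter match `*Fortinet*` and the hostname `intranet.example.internal` are placeholders to replace with your own values.

```powershell
# Added example, not from the thread. Run on an affected client while the VPN is up.
param(
    [string]$AdapterPattern = '*Fortinet*',                 # assumed match for the VPN virtual adapter
    [string]$TestName       = 'intranet.example.internal'   # placeholder: a name only internal DNS knows
)

$adapters = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -like $AdapterPattern -and $_.Status -eq 'Up' }
if (-not $adapters) {
    Write-Warning "No connected adapter matches '$AdapterPattern'"
    return
}

foreach ($a in $adapters) {
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex -AddressFamily IPv4).ServerAddresses
    if (-not $dns) {
        # Symptom 1: the VPN interface came up without any DNS servers
        [pscustomobject]@{ Adapter = $a.Name; Server = '(none)'; Path = 'n/a'; Result = 'NO_DNS_ASSIGNED' }
        continue
    }
    foreach ($s in $dns) {
        # Symptom 2: a server is listed; query it directly to see whether it answers
        try {
            Resolve-DnsName -Name $TestName -Server $s -Type A -DnsOnly -ErrorAction Stop | Out-Null
            $r = 'RESOLVES'
        } catch {
            $r = "FAILS: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Adapter = $a.Name; Server = $s; Path = 'direct'; Result = $r }
    }
}

# Same name through the normal system resolver path, for comparison with the direct queries
try {
    Resolve-DnsName -Name $TestName -Type A -DnsOnly -ErrorAction Stop | Out-Null
    $sys = 'RESOLVES'
} catch {
    $sys = "FAILS: $($_.Exception.Message)"
}
[pscustomobject]@{ Adapter = '(system)'; Server = '(default)'; Path = 'system'; Result = $sys }
```

If the direct queries resolve but the system path fails, the VPN-assigned servers are reachable and the problem lies in how DNS is handled locally on the client; capturing this output before and after disabling IP Layer Enforcement gives a record to compare.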