Android device (Samsung S21) with Forticlient VPN do connect successfully (100%), get an IP address and are connected but no traffic is going through.
Via Forticlient Windows everything works as expected and traffic is allowed and routed normally.
Policy lookup shows the correct policy.
What could be the reason that the android VPN client does connect but does not transfer any traffic?
- app was freshly uninstalled and installed.
- Forticlient VPN on windows PC works correctly.
- policy lookup shows correct policy when looking up.
- logging show SSL VPN client (both windows and adroid) is successfully connected
- both (windows client and android client) use same settings and user
- Nothing flows (testing with direct IP addresses and no DNS.
Is the Forticlient VPN on android broken?
Any directive?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Sanderi,
I have found this old Forum discussion:
Could you please have a look and tell me if it helped?
Regards,
So some progress. It seems hat after updating to fortios 7.0.x something changed in the sslvpn settings. After changing from middle to top setting all is fine again.
What is very weird is that this only had direct influence on the android VPN client and not the windows VPN client. Any direction on that?
He Sanderl,
this would sound like the routing table on the Android is not done properly. This setting affects the DNS setting in the way that the DNS queries and traffic for internal sites are directed through the tunnel and everything else goes elsewhere.
With Android you might be able to check the "route -n" on a terminal app. You can also install an opensource packet capture called "pcapdroid". Capture traffic from one specific application only (it doesn't matter which one), and see whether the traffic is being responded to.
On FGT you should check if you see the traffic generated by the client (meant for internal destinations (traffic log, packet capture).
Best regards,
Markus
"route -n" might not work, use "ip route" instead, just tested.
Hello sanderi,
I will forward your interrogation to an expert and will come back to you ASAP.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.