We are trying to roll out Cisco Umbrella to our employees. However, a subsection of our users need to always connect to FortiClient VPN to work.
Config:
Our FortiGate that everyone is connecting to has Umbrella DNS servers set as its main DNS.
Laptops use what the default ISP DNS server is when the user is home when Umbrella is not installed.
Situation:
My computer had this issue once, but no issue since I ran the repair after uninstalling the drivers. Out of the other 5 users that we are testing with, they all lost internet 2 or 3 days after doing the repair when connecting to the VPN with Umbrella.
For the time being I just uninstalled Umbrella from all the computers and everything is working again. But I want to know if anyone has these two products running successfully together consistently.
I found it difficult and frustrating to run these together and experienced intermittent issues as well. Here are some things I looked at when I tried to troubleshoot this that you may want to try:
FortiClient EMS (if you have it) - modify DNS Cache Control settings. Modify "Prefer SSL VPN DNS" value (assuming you are using SSL and not IPSEC). You can also toggle the XML setting to prefer legacy VPN SSL adapter. Block IPv6 (if you do not need this) on VPN settings. Failing these, you can attempt to try IPSEC (if you're currently using SSL) or vice versa.
Umbrella - ensure that local LANs are defined. Turn on VPN Compatibility Mode.
I ultimately looked at DNSFilter (https://www.dnsfilter.com/) as a replacement for Cisco Umbrella to run in tandem with FortiClient. DNSFilter works similarly to Umbrella, but has a feature in which you can disable the DNS agent entirely if a client is on VPN. This can help to avoid some of the pain that you're currently experiencing.
Let me know if any of this helps, good luck!
We are experiencing similar issues after migrating to FortiClient EMS. I've been thinking about replacing or getting rid of Umbrella entirely and just relying on EMS for filtering. Umbrella's pricing structure is very convoluted and seems to be about twice the cost of the Pro license from DNSFilter. Now that it's been another year since you posted, how have you liked it?