- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Cisco Umbrella with FortiClient VPN
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cisco Umbrella with FortiClient VPN
We are trying to roll out Cisco Umbrella to our employees. However a subsection of our users need to always connect to FortiClient VPN to work.
Config:
Our FortiGate that everyone is connecting to has Umbrella DNS servers set as its main DNS.
Laptops use what the Default ISP DNS server is when the user is home when umbrella is not installed.
Situation:
- Users have no issues with FortiClient VPN over past year.
- We installed Cisco umbrella onto users laptops. No issue when not connected to VPN. When we ran an IPConfig /all the DNS server was 127.0.0.1
- When they connect to VPN, the VPN connects however, their wifi icon shows "No internet" and nothing loads.
- When we disconnect VPN everything works again.
- I uninstalled Fortinet VPN Drivers and ran a repair on the FortiClient VPN.
- Signed back into VPN and everything worked as normal with umbrella. IPconfig /all shows DNS as 127.0.0.1 for local wifi and VPN connection DNS server
- after about 2 or 3 days of this working fine. Users begin to say they lose internet when connecting to Forticlient VPN again.
My computer had this issue once but no issue since I ran the repair after uninstalling the drivers.. out of the other 5 users that we are testing with they all lost internet 2 or 3 days after doing the repair when connecting to the VPN with Umbrella.
For the time being I just uninstalled Umbrella from all the computers and everything is working again. But I want to know if anyone has these two products running successfully together consistently.
Labels:
- Labels:
-
FortiClient
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found it difficult and frustrating to run these together and experienced intermittent issues as well. Here are some things I looked at when I tried to troubleshoot this that you may want to try:
FortiClient EMS (if you have it) - modify DNS Cache Control settings. Modify "Prefer SSL VPN DNS" value (assuming you are using SSL and not IPSEC). You can also toggle the XML setting to prefer legacy VPN SSL adapter. Block IPv6 (if you do not need this) on VPN settings. Failing these, you can attempt to try IPSEC (if you're currently using SSL) or vice versa.
Umbrella - ensure that local LANs are defined. Turn on VPN Compatibility Mode.
I ultimately looked at DNSFilter (https://www.dnsfilter.com/) as a replacement for Cisco Umbrella to run in tandem with FortiClient. DNSFilter works similarly to Umbrella, but has a feature in which you can disable the DNS agent entirely if a client is on VPN. This can help to avoid some of the pain that you're currently experiencing.
Let me know if any of this helps, good luck!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are experiencing similar issues after migrating to FortiClient EMS. I've been thinking about replacing or getting rid of Umbrella entirely and just relying on EMS for filtering. Umbrella's pricing structure is very convoluted and seems to be about twice the cost of the Pro license from DNS Filter. Now that it's been another year since you posted, how have you liked it?
Related Posts
- Connect fortinet to MERAKI cisco firewall... 154 Views
- Fortinet FSSO and Cisco ISE pxgrid 234 Views
- Fortinet solution for DNS filtering when... 315 Views
- Webpage is not accessible // Opendns... 537 Views
- Client VPN IPSEC with FortiClient fail 1000 Views
Labels
-
FortiGate
6,678 -
FortiClient
1,330 -
5.2
801 -
5.4
639 -
FortiManager
578 -
FortiAnalyzer
422 -
6.0
416 -
5.6
362 -
FortiSwitch
342 -
FortiAP
339 -
FortiClient EMS
272 -
FortiMail
259 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
159 -
6.4
128 -
FortiNAC
110 -
FortiGuard
106 -
FortiSIEM
92 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
79 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
67 -
4.0MR3
64 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
30 -
SD-WAN
30 -
Firewall policy
29 -
High Availability
24 -
FortiConnect
24 -
VLAN
22 -
FortiWAN
22 -
FortiConverter
21 -
FortiAuthenticator
20 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Interface
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
FortiDDoS
13 -
Logging
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
10 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
Authentication
8 -
SSL SSH inspection
8 -
Traffic shaping
8 -
SSO
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
4.0MR1
1 -
Users
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.