Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Connect to IPSec VPN with 2FA when connected through Teamviewer/Anydesk


So, here is my Problem:

I am conncted to a desktopmachine though Anydesk/Teamviewer. Now, i want to connect from this desktopmachine to a IPSec VPN with Forticlient. 

I put in my username and Password, afterwards i click connect. Now, Anydesk/Teamviewer loose the connection, and i can't (re)connect - on the desktopmachine the connection of course worked and Forticlient is aking for 2FA Code but in this state, AnyDesk/Teamviewer are not able to connect to the desktopmachine. Does anybody have a good idea on how to deal with this behaviour ? 


Hi Team,


This is the default behavior of forticlient.


When you are connecting to forticlient VPN through IPSEC, only port 4500 and 500 will be open and rest of the ports will be closed.

So if you are running any anydesk or teamvieer which run through internet they will be disconnected. To modify the default behavior:

Step 1:

Open FCT, navigate to settings, create a backup of the configuration and make a copy of this file as we will be making some changes.

Step 2:

Edit the XML file > Search for the IPSEC section with keyword <implied_SPDO> for the ISPEC profile that you used and edit the following highlighted value then save the XML file.

Change the <implied_SPDO> to "1" and the <implied_SPDO_timeout> to "60", the value is in second and 60 seconds should be sufficient for the PC to receive the OTP Email before the timeout to block other traffic than the IPSEC traffic. In case the PC takes more than 60 seconds to receive the OTP then you must increase the value from 60 to a higher value.

Once the value is set, save the configuration and restore the config to the FCT. Test it with one user PC and let us know if you face any issues.

For your Reference:


Hi there,


I know this is two years old but curious if you know of a way to send this fix out to all users? Is the only option EMS?

Top Kudoed Authors