Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gsi_mhorn
New Contributor

FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN

I have several computers running Windows 10 with FortiClient version 5.4.0.0780.  We are a consulting company and connect to one of our clients using an SSL VPN with the FortiClient per their IT Department.  When connecting to the VPN, the connection appears to complete successfully but when once the connection is established, all network connectivity is lost.  While connected you cannot reach anything on the internet by IP or DNS name nor anything on the other end of the VPN tunnel by IP or DNS name.  You can ping the local IP address you are assigned by the VPN server.  As soon as you disconnect from the VPN session your local network connectivity is restored.  

 

I have read through the documentation and we are not connected to any other VPN clients when this happens.  We also do not have the Cisco VPN Client installed which is known to conflict with the Forticlient.   IPv6 was disabled during testing just to rule that out. 

 

Has anyone else experienced this issue and have a work around?  Since we don't own a Fortinet product and are just using the free Forticlient, I'm not able to open a ticket with support. 

 

Thanks for any assistance in advance!

Matt

27 REPLIES 27
Terry
New Contributor

Not sure why you're having an issue with the IPs at your client. Are they not "pingable"?

 

As far as Internet and Local LAN access, the IT Department at your client has configured their Fortinet to disallow traffic outside of the client network, meaning that your consultants local LAN and Internet access out have been disabled when connected to the client via VPN. In order to get that changed, you will need to request that your client's IT department enable traffic outside their network.

 

This is not something you change, sorry.

gsi_mhorn

Thank you for the reply.  I should add that the problem I'm having does not appear to be that split tunneling is blocking my internet and local traffic.  The problem is when I'm connected to the VPN, no traffic is routing (no LAN, no Internet, no remote networks).  My work around for this is to use a Windows 7 VM and when connected using the same version of the Forticlient, I have no issues so I don't think it's a server side configuration.  While connected to the VPN on the Windows 7 VM, I can reach my LAN, Internet, and remote networks on the other side of  the tunnel.  It seems to be something specific to Windows 10.  Sorry if I didn't make that more clear in my initial post.  Do you have any other suggestions?

rwpatterson
Valued Contributor III

The property you are describing is called split tunneling, where VPN traffic goes to your client's network while all other traffic is routed normally. That needs to be set up by the client's IP staff as stated by Terry@dci. They may have that in place for a reason. You'll have to work with them, since it's their firewall, Fortinet won't talk to you.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
gsi_mhorn

Thank you for the reply.  I should add that the problem I'm having is not that split tunneling is blocking my internet and local traffic.  The problem is when I'm connected to the VPN, no traffic is routing (no LAN, no Internet, no remote networks).  My work around for this is to use a Windows 7 VM and when connected using the same version of the Forticlient, I have no issues.  While connected to the VPN on the Windows 7 VM, I can reach my LAN, Internet, and remote networks on the other side of  the tunnel.  It seems to be something specific to Windows 10.  Sorry if I didn't make that more clear in my initial post. 

cmpan88_FTNT

Do have have Dell VPN or DNE is installed on the same machine?   Those drivers might be conflicting.   You may remove them to verify the issue.

Chris_Lin_FTNT

FortiClient SSL windows app for Windows 10 is available now. It may worth a try.

brycedwhite

The FortiClient SSL app in the Windows Store does indeed connect to the VPN host, but only after I installed a proper SSL cert on the Fortigate 100D.  So now I can connect, but no traffic is routing to the remote netwotk.

 

Chris_Lin_FTNT

brycedwhite wrote:

The FortiClient SSL app in the Windows Store does indeed connect to the VPN host, but only after I installed a proper SSL cert on the Fortigate 100D.  So now I can connect, but no traffic is routing to the remote netwotk.

 

Could you check if the route, dns etc. are correct? Did you verify the traffic by sniffer on FortiGate?

brycedwhite

Chris.Lin wrote:

brycedwhite wrote:

The FortiClient SSL app in the Windows Store does indeed connect to the VPN host, but only after I installed a proper SSL cert on the Fortigate 100D.  So now I can connect, but no traffic is routing to the remote netwotk.

 

Could you check if the route, dns etc. are correct? Did you verify the traffic by sniffer on FortiGate?

Hi Chris,  I have not checked anything on the Fortigate as I'm not real comfortable messing around with the unit.  I can tell you, however, that I have dozens of Windows 7 PCs and a handful of Windows 10 and Macs that have been connecting and accessing resources for a couple of years - never seen this situation before.

Top Kudoed Authors