I have several computers running Windows 10 with FortiClient version 5.4.0.0780. We are a consulting company and connect to one of our clients using an SSL VPN with the FortiClient per their IT Department. When connecting to the VPN, the connection appears to complete successfully, but once the connection is established, all network connectivity is lost. While connected you cannot reach anything on the internet by IP or DNS name nor anything on the other end of the VPN tunnel by IP or DNS name. You can ping the local IP address you are assigned by the VPN server. As soon as you disconnect from the VPN session your local network connectivity is restored.
I have read through the documentation and we are not connected to any other VPN clients when this happens. We also do not have the Cisco VPN Client installed which is known to conflict with the Forticlient. IPv6 was disabled during testing just to rule that out.
Has anyone else experienced this issue and have a work around? Since we don't own a Fortinet product and are just using the free Forticlient, I'm not able to open a ticket with support.
Thanks for any assistance in advance!
Matt
Not sure why you're having an issue with the IPs at your client. Are they not "pingable"?
As far as Internet and Local LAN access, the IT Department at your client has configured their Fortinet to disallow traffic outside of the client network, meaning that your consultants' local LAN and Internet access out have been disabled when connected to the client via VPN. In order to get that changed, you will need to request that your client's IT department enable traffic outside their network.
This is not something you change, sorry.
Thank you for the reply. I should add that the problem I'm having does not appear to be that split tunneling is blocking my internet and local traffic. The problem is when I'm connected to the VPN, no traffic is routing (no LAN, no Internet, no remote networks). My work around for this is to use a Windows 7 VM and when connected using the same version of the Forticlient, I have no issues so I don't think it's a server side configuration. While connected to the VPN on the Windows 7 VM, I can reach my LAN, Internet, and remote networks on the other side of the tunnel. It seems to be something specific to Windows 10. Sorry if I didn't make that more clear in my initial post. Do you have any other suggestions?
The property you are describing is called split tunneling, where VPN traffic goes to your client's network while all other traffic is routed normally. That needs to be set up by the client's IT staff as stated by Terry@dci. They may have that in place for a reason. You'll have to work with them, since it's their firewall; Fortinet won't talk to you.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Thank you for the reply. I should add that the problem I'm having is not that split tunneling is blocking my internet and local traffic. The problem is when I'm connected to the VPN, no traffic is routing (no LAN, no Internet, no remote networks). My work around for this is to use a Windows 7 VM and when connected using the same version of the Forticlient, I have no issues. While connected to the VPN on the Windows 7 VM, I can reach my LAN, Internet, and remote networks on the other side of the tunnel. It seems to be something specific to Windows 10. Sorry if I didn't make that more clear in my initial post.
Do you have Dell VPN or DNE installed on the same machine? Those drivers might be conflicting. You may remove them to verify the issue.
FortiClient SSL windows app for Windows 10 is available now. It may be worth a try.
The FortiClient SSL app in the Windows Store does indeed connect to the VPN host, but only after I installed a proper SSL cert on the Fortigate 100D. So now I can connect, but no traffic is routing to the remote network.
> brycedwhite wrote:
> The FortiClient SSL app in the Windows Store does indeed connect to the VPN host, but only after I installed a proper SSL cert on the Fortigate 100D. So now I can connect, but no traffic is routing to the remote network.

Could you check if the route, dns etc. are correct? Did you verify the traffic by sniffer on FortiGate?

> Chris.Lin wrote:
> > brycedwhite wrote:
> > The FortiClient SSL app in the Windows Store does indeed connect to the VPN host, but only after I installed a proper SSL cert on the Fortigate 100D. So now I can connect, but no traffic is routing to the remote network.
>
> Could you check if the route, dns etc. are correct? Did you verify the traffic by sniffer on FortiGate?

Hi Chris, I have not checked anything on the Fortigate as I'm not real comfortable messing around with the unit. I can tell you, however, that I have dozens of Windows 7 PCs and a handful of Windows 10 and Macs that have been connecting and accessing resources for a couple of years - never seen this situation before.
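The client-side half of the "route, dns etc." check asked about in this thread can be captured with the built-in Windows networking cmdlets. The script below is an added example, not part of any post in the thread; it snapshots IPv4 routes, interface metrics and DNS servers before and after the SSL VPN connects and shows what changed. The address 192.0.2.10 is a placeholder for a host on the remote network.

```powershell
# Added example: compare the Windows 10 routing and DNS state before and
# after the SSL VPN connects. Uses only built-in NetTCPIP / DnsClient cmdlets.
$RemoteHost = '192.0.2.10'   # placeholder: replace with a host behind the tunnel

function Get-NetSnapshot {
    [pscustomobject]@{
        Routes     = Get-NetRoute -AddressFamily IPv4 |
            Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric
        Interfaces = Get-NetIPInterface -AddressFamily IPv4 |
            Select-Object InterfaceAlias, InterfaceMetric, ConnectionState
        Dns        = Get-DnsClientServerAddress -AddressFamily IPv4 |
            Select-Object InterfaceAlias, ServerAddresses
    }
}

$before = Get-NetSnapshot
Read-Host 'Connect the VPN, then press Enter' | Out-Null
$after = Get-NetSnapshot

# Routes the VPN client added (=>) or removed (<=).
Compare-Object $before.Routes $after.Routes `
    -Property DestinationPrefix, NextHop, InterfaceAlias, RouteMetric |
    Sort-Object DestinationPrefix | Format-Table -AutoSize

# Default routes ranked by effective metric (route metric + interface metric).
# The lowest value wins; a VPN adapter winning here with a next hop that does
# not forward traffic matches the "everything stops routing" symptom.
$after.Routes | Where-Object DestinationPrefix -eq '0.0.0.0/0' | ForEach-Object {
    $route = $_
    $iface = $after.Interfaces | Where-Object InterfaceAlias -eq $route.InterfaceAlias
    [pscustomobject]@{
        InterfaceAlias  = $route.InterfaceAlias
        NextHop         = $route.NextHop
        EffectiveMetric = $route.RouteMetric + $iface.InterfaceMetric
    }
} | Sort-Object EffectiveMetric | Format-Table -AutoSize

# DNS servers in use on each interface after the tunnel is up.
$after.Dns | Where-Object ServerAddresses | Format-Table -AutoSize

# Which route and source address Windows actually selects for the remote host.
Find-NetRoute -RemoteIPAddress $RemoteHost |
    Select-Object InterfaceAlias, IPAddress, DestinationPrefix, NextHop |
    Format-Table -AutoSize
```

Running the same script on the working Windows 7 VM (PowerShell 3.0 or later is not enough there, since these cmdlets ship with Windows 8 and later; use `route print` and `ipconfig /all` instead) gives a known-good table to compare against.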