maybe someone here had similar experiences or any idea what we might be looking at here, as my colleagues and me are kind of at a loss at the moment. Sorry for the long post as I'm trying to give details.
We have been using FortiClient 6.0.x (without EMS) for the longest time for a SSL-VPN split-tunnel setup for access to internal resources and never really ran into big issues with that setup. Recently, we deployed FortiEMS and with that, version 6.4.2 of the FortiClient. The SSL-VPN setup remained identical.
-> Suddenly, some of our users got issues with accessing internal resources. We quickly realized we had a DNS issue, as the same services were reachable via IP, but not hostname / FQDN. We had hints that the issues might be related to users having dual-stack (lite) connections at home and our IPv4 DNS server being overruled by a local IPv6 DNS (the user's router).
->> After some troubleshooting that never seemed to fully fix the issue (block IPv6 via XML config for SSL-VPN, disable smart name resolution via registry etc.), we deployed a Dialup IPSec tunnel (this one also set up to block IPv6) and rolled that out to selected users. This IMMEDIATELY solved the issue for most of the affected users and even made network connections a bit more responsive for the other ones.
->>> But now, we suddenly get a few users with issues again. These don't seem to be DNS-related, but rather a general connectivity issue. They can connect fine, both to SSL and IPSec VPN, but actually using internal resources via VPN doesn't. Sometimes even the connectivity to EMS via VPN is broken even though we can ping the server.
- We can ping and traceroute the internal systems just fine
- ipconfig shows DNS and IP of the VPN set up properly on the client
- routes on the client for the tunneled networks are set up properly after connection
- our FortiAnalyzer even shows traffic (incoming and outgoing) to the internal servers from the affected clients, but we get occasional log entries for "no session matched" for traffic that otherwise looks fine in the logs.
- This doesn't seem to be DNS-related as eg. accessing a file server via SMB works neither via IP nor hostname, it just loads forever and then runs in a timeout
- COMPLETELY uninstalling the FortiClient, rebooting, reinstalling, rebooting and then trying again sometimes fixes the issue for a day or two, just to start again after that.
We have the feeling something on the client-side messes up network settings or drivers in some way or the other, but we can't really pinpoint it. Two users have Hyper-V installed and therefore virtual network adapters / switches, but we have other users with the problem who don't.
As I said, we are at a loss at the moment. Has anyone ideas or hints what might cause issues like this?
Thanks a lot in advance and best regards!