pcbron
New Contributor

FortiClient SSL-VPN fails to restore DNS registration settings after disconnecting

Since we migrated to Fortinet and SSL-VPN with FortiClient last year, we have had an increasing number of issues with the client leaving DNS registration disabled on wired and wireless interfaces after a user disconnects from VPN. 

 

The "no_dns_registration" option is set to 2 in the configuration, and it successfully disables registration for the local adapter(s) while connected and restores the setting after disconnecting the majority of the time. However, we find at least one user weekly whose computer still has a VPN IP address in AD DNS even though they are in the office. FortiClient version is 7.4.3 (VPN only). The Advanced TCP/IP Settings window on their network adapter shows that DNS registration is disabled:

[Image: Screenshot 2025-05-30 153621.png]

 

I thought it may be related to users closing their laptops while connected to VPN or otherwise not disconnecting cleanly, but thus far I have been unable to reproduce it on demand.  

 

Is anyone else experiencing this and do you have any suggestions for resolving it? I'm working on a script to clean up the settings periodically, but I am hoping for a less clunky solution.

3 REPLIES
Anthony_E
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

We are still looking for someone to help you.

We will come back to you ASAP.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hi,

 

If FortiClient SSL VPN fails to restore DNS registration settings after disconnecting, follow these steps to troubleshoot and resolve the issue:

  1. Verify FortiClient Configuration: Ensure that the "Prefer SSL VPN DNS" option is configured correctly. If enabled, it should prepend the custom DNS server from SSL VPN to the physical interface.
  2. Check DNS Cache Service Control: Confirm that FortiClient is set to disable Windows DNS cache when establishing an SSL VPN tunnel and that it restores the cache after disconnection.
  3. Review Adapter Settings: After disconnecting from the VPN, manually check the DNS settings on the local adapter to ensure they are set to automatic. If not, manually set them to obtain DNS server addresses automatically.
  4. Update FortiClient: Ensure you are using the latest version of FortiClient, as updates may contain fixes for known issues.
  5. Registry Key Verification: Check the registry key related to Smart Multi-Homed Name Resolution to ensure it is configured correctly: `Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DisableSmartNameResolution`.
  6. Reboot the System: Sometimes, a simple system reboot can resolve issues with network settings not being restored properly.
Anthony-Fortinet Community Team.
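
The periodic cleanup mentioned in the original post could look like the following. This is an added example, not code from the thread or from Fortinet; it uses the built-in Windows `NetAdapter` and `DnsClient` cmdlets. The `$VpnAdapterPattern` value is an assumption and must be adjusted to the VPN adapter description that `Get-NetAdapter` shows on your clients.

```powershell
#Requires -RunAsAdministrator
# Added example: report, and optionally repair, physical adapters that were
# left with DNS registration disabled after a VPN session has ended.
param(
    # Assumption: wildcard that matches the VPN virtual adapter's
    # InterfaceDescription. Verify it with Get-NetAdapter on a client.
    [string]$VpnAdapterPattern = '*Fortinet*',
    # Without -Repair the script only reports what it finds.
    [switch]$Repair
)

# While the tunnel is up, registration is disabled on purpose
# (no_dns_registration = 2), so leave the adapters alone.
$vpnUp = Get-NetAdapter -InterfaceDescription $VpnAdapterPattern -ErrorAction SilentlyContinue |
    Where-Object Status -eq 'Up'
if ($vpnUp) {
    Write-Output 'VPN adapter is up; leaving DNS registration settings alone.'
    return
}

# Connected wired/wireless adapters that are not registering in DNS.
$stale = Get-NetAdapter -Physical |
    Where-Object Status -eq 'Up' |
    ForEach-Object { Get-DnsClient -InterfaceIndex $_.ifIndex } |
    Where-Object { -not $_.RegisterThisConnectionsAddress }

if (-not $stale) {
    Write-Output 'All connected physical adapters register in DNS.'
    return
}

foreach ($nic in $stale) {
    Write-Output "Registration disabled on '$($nic.InterfaceAlias)' (ifIndex $($nic.InterfaceIndex))"
    if ($Repair) {
        # Same setting as the "Register this connection's addresses in DNS"
        # checkbox in Advanced TCP/IP Settings.
        Set-DnsClient -InterfaceIndex $nic.InterfaceIndex -RegisterThisConnectionsAddress $true
    }
}

if ($Repair) {
    # Re-register so the AD DNS record points at the office address again.
    Register-DnsClient
}
```

Run it without `-Repair` first to see which machines are affected; the logged interface names also help correlate the failures with unclean disconnects.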