I have installed the free version of FortiCli on my Windows machine. I would like to connect to my FortiGate using a remote access connection. I have managed to do this when my Windows machine has an internet connection, however, I have noticed that if I am using the same Windows machine offline (which is what I intend to do but over a wireless network) I cannot connect to the VPN. Is there a way I can make this work without having to connect to the internet? Why do I need internet for this to work?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What path do you intend the VPN traffic to take if the PC does not have an internet connection?
Is the PC plugged into an MPLS circuit or something similar? Maybe a topology diagram would be helpful.
For testing, it's a simple path. From computer directly to port 1 of the firewall. Just simply trying to prove IPsec VPN connection can be established on the LAN without the computer having to have a internet connection.
Created on 03-28-2024 05:56 AM Edited on 03-28-2024 05:57 AM
As long as you have Layer 3 connectivity, it should be able to work.
Are you able to run an IKE debug on the FortiGate while trying to connect?
See instructions here: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPSEC-Tunnel-debugging-IKE/ta-p/1900...
Hi,
Please check the connectivity to sslvpn IP and port from the PC. It is not a mandatory condition that you need internet for this to work. If the SSL Connection can be established between the client and sslvpn IP/port then the VPN should come up.
Regards,
Shiva
Is it the same for IPsec, we would like to use IPsec as seeing quite a few vulnerabilities aimed at the SSL VPN connections recently, so thinking this might be a more secure way to go.
Hi,
I had the same issue with FortiClient v7.2.4.
It seems that communication to Microsoft Security Center is required, or DNS name resolution and communication to the MS site must be performed in advance.
Therefore, we recommend that you change the value of <disable_internet_check> in the FortiClient configuration file from 0 to 1 and check if the issue is resolved.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1667 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.