Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ABE_63
New Contributor III

Created on ‎03-20-2024 06:57 AM

FortiClient requires internet access on the client machine

I have installed the free version of FortiCli on my Windows machine. I would like to connect to my FortiGate using a remote access connection. I have managed to do this when my Windows machine has an internet connection, however, I have noticed that if I am using the same Windows machine offline (which is what I intend to do but over a wireless network) I cannot connect to the VPN. Is there a way I can make this work without having to connect to the internet? Why do I need internet for this to work?

Labels:
2121
0 Kudos
6 REPLIES 6
johnathan
Staff
Staff

Created on ‎03-20-2024 11:41 AM

What path do you intend the VPN traffic to take if the PC does not have an internet connection?
Is the PC plugged into an MPLS circuit or something similar? Maybe a topology diagram would be helpful. 


"Never trust a computer you can't throw out a window."
2091
ABE_63
New Contributor III
In response to johnathan

Created on ‎03-28-2024 02:47 AM

For testing, it's a simple path. From computer directly to port 1 of the firewall. Just simply trying to prove IPsec VPN connection can be established on the LAN without the computer having to have a internet connection.

1976
0 Kudos
johnathan
Staff
Staff
In response to ABE_63

Created on ‎03-28-2024 05:56 AM Edited on ‎03-28-2024 05:57 AM

As long as you have Layer 3 connectivity, it should be able to work.
Are you able to run an IKE debug on the FortiGate while trying to connect?
See instructions here: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPSEC-Tunnel-debugging-IKE/ta-p/1900...

"Never trust a computer you can't throw out a window."
1960
smaruvala
Staff
Staff

Created on ‎03-20-2024 11:12 PM

Hi, 

 

Please check the connectivity to sslvpn IP and port from the PC. It is not a mandatory condition that you need internet for this to work. If the SSL Connection can be established between the client and sslvpn IP/port then the VPN should come up.

 

Regards,

Shiva

2053
ABE_63
New Contributor III
In response to smaruvala

Created on ‎03-28-2024 02:49 AM

Is it the same for IPsec, we would like to use IPsec as seeing quite a few vulnerabilities aimed at the SSL VPN connections recently, so thinking this might be a more secure way to go.

1974
0 Kudos
Ajacs_JP
New Contributor

Created on ‎05-01-2024 02:15 AM

Hi,

I had the same issue with FortiClient v7.2.4.
It seems that communication to Microsoft Security Center is required, or DNS name resolution and communication to the MS site must be performed in advance.

Therefore, we recommend that you change the value of <disable_internet_check> in the FortiClient configuration file from 0 to 1 and check if the issue is resolved.

1726
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.