Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ABE_63
New Contributor III

FortiClient requires internet access on the client machine

I have installed the free version of FortiCli on my Windows machine. I would like to connect to my FortiGate using a remote access connection. I have managed to do this when my Windows machine has an internet connection, however, I have noticed that if I am using the same Windows machine offline (which is what I intend to do but over a wireless network) I cannot connect to the VPN. Is there a way I can make this work without having to connect to the internet? Why do I need internet for this to work?

6 REPLIES 6
johnathan
Staff
Staff

What path do you intend the VPN traffic to take if the PC does not have an internet connection?
Is the PC plugged into an MPLS circuit or something similar? Maybe a topology diagram would be helpful. 


"Never trust a computer you can't throw out a window."
ABE_63
New Contributor III

For testing, it's a simple path. From computer directly to port 1 of the firewall. Just simply trying to prove IPsec VPN connection can be established on the LAN without the computer having to have a internet connection.

johnathan

As long as you have Layer 3 connectivity, it should be able to work.
Are you able to run an IKE debug on the FortiGate while trying to connect?
See instructions here: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPSEC-Tunnel-debugging-IKE/ta-p/1900...

"Never trust a computer you can't throw out a window."
smaruvala
Staff
Staff

Hi, 

 

Please check the connectivity to sslvpn IP and port from the PC. It is not a mandatory condition that you need internet for this to work. If the SSL Connection can be established between the client and sslvpn IP/port then the VPN should come up.

 

Regards,

Shiva

ABE_63
New Contributor III

Is it the same for IPsec, we would like to use IPsec as seeing quite a few vulnerabilities aimed at the SSL VPN connections recently, so thinking this might be a more secure way to go.

Ajacs_JP
New Contributor

Hi,

I had the same issue with FortiClient v7.2.4.
It seems that communication to Microsoft Security Center is required, or DNS name resolution and communication to the MS site must be performed in advance.

Therefore, we recommend that you change the value of <disable_internet_check> in the FortiClient configuration file from 0 to 1 and check if the issue is resolved.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors