Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiClient with EMS solution for Blackhole routing if RemoteVPN Fails

Hi everyone… I am looking for a solution in a interesting case. I want to realize a Remote VPN configuration with FortiClient and FortiEMS (Windows) if the Client is not in our Infrastructure that the Remote VPN is automatically establishing a VPN. That’s the part that works!

But now is the Keyquestion: I want if the Connection via VPN fails (because of blocking or so on) that the rest of the Client Data will go in to Blackhole until the VPN is UP. I want that the Client can not access foreign local Networks with unprotected or unencrypted Data.

omegle xender
Community Manager
Community Manager

Hello bakugo,


Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.



Anthony-Fortinet Community Team.
New Contributor III

Have you concidered if you “blocking” should be done in the local software firewall on the client, i.e Windows Firewall instead?


Just a thought 

Kind regards
Kind regards
New Contributor II

Isn't that what the "Show remote VPN before login option does?"


I was always worried that would blackhole traffic in the event the VPN doesn't come up, as it's "before login" -> and then you could restrict logins to AD direct. But that sounds like exactly your use case. I haven't experimented, so these are just my .02

Top Kudoed Authors