- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiClientVPN static route
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiClientVPN static route
Hi, only on my computer, the static route is not created when I connect with the FortiClientVPN .
on other PCs no problem.
Do you have any advice on why it doesn't work?
S.O. win 11
thanks in advance
Fabrizio
Fabrizio
the only easy day was yesterday
the only easy day was yesterday
Solved! Go to Solution.
Fabriziothe only easy day was yesterday
Labels:
- Labels:
-
FortiClient
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SOLVED....
Removed Update for Microsoft Windows (KB2693643)
Now works correctly
Fabrizio
the only easy day was yesterday
the only easy day was yesterday
Fabriziothe only easy day was yesterday
21 REPLIES 21
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UP
Fabrizio
the only easy day was yesterday
the only easy day was yesterday
Fabriziothe only easy day was yesterday
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Has anyone come up with ideas this month?
Thanks in advance
Fabrizio
the only easy day was yesterday
the only easy day was yesterday
Fabriziothe only easy day was yesterday
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you confirm the firewall policy for your VPN connection allows all service (Internet) or specific service only?
The below article talks about a dead peer detection feature on windows that will cause route change if the dpd check fails.
https://learn.microsoft.com/en-us/previous-versions/aa454008(v=msdn.10)?redirectedfrom=MSDN
Check if this feature is enabled/disabled as suggested in http://www.howtonetworking.com/Routers/deadgateway.htm
Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you so much for your answer
The "EnableDeadGWDetect" entry does not exist
I create it and should I set it to 0 or 1?
Fabrizio
the only easy day was yesterday
the only easy day was yesterday
Fabriziothe only easy day was yesterday
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To disable dead gateway detection, set the registry value to 0.
Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the route link shows you have two default routes. One via your ethernet interface and one (accoarding to its gateway ip) via the SSL VPN Interface (i.e. FortiClient).
The one via the VPN does have the higher metric which means all traffic will hit the ethernet interface except if that were down or if the traffic matches one of the other existing static/connected routes.
It also implies that there is no split tunneling enabled on your vpn since this is (execpt from the metric) the typical behaviour of FortilClient VPNs without split tunneling.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
first of all, thank you so much for your reply
I don't understand the first part?
What do I have to change in the configuration?
Fabrizio
the only easy day was yesterday
the only easy day was yesterday
Fabriziothe only easy day was yesterday
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
well a default route is there to match all traffic that doesn't match anything else.
If there is more than one default route the metric sets the order. Lowest metric will be used first.
Since the second default route has the ssl vpn interface as destination I suppose it has been set up by forticlient when it established your vpn. You could recheck this by re-viewing your routing table without the vpn connected. If it was set up by FortiClient it will be gone then.
You will only have static routing over your vpn when split tunneling is on. This has to be configured on the Fortigate end of the tunnel. Split tunneling will have FortiClient set up those static routes upon connecting your vpn.
Just usually - without split tunneling - FortiClient will set up a default route with very low metric so all traffic that doesn't match any other routes will go through the vpn. Why it didn't do that in your case - cannot say.
Somitimes (e.g. in business environments) you do want all traffic to go through the vpn as long as it is connected. Then you have to have the accoarding policies on the other end of the vpn. Otherwise you would lose internet access once the vpn connected.
If you just want to be able to access specific subnets through the vpn I recommend using split tunneling and let the internet traffic still use your default route via ethernet.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tried several times but the problem persists
The problem is only on my Notebook
On other PCs with the same configuration on the Fortinet side (on the firewall) and in FortiClient VPN the problem does not exist
Fabrizio
the only easy day was yesterday
the only easy day was yesterday
Fabriziothe only easy day was yesterday
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I also reset the network cards
The only solution is to connect with "FortinetClient VPN", once the connection has been established, change the IP of the network card "FORTINET SSL VPN VIRTUAL...." assigning the ip that is displayed in the connection status
in this way , it create correct route
Fabrizio
the only easy day was yesterday
the only easy day was yesterday
Fabriziothe only easy day was yesterday
Related Posts
- Aggregate dial-up IPsec tunnel 15 Views
- Manage FortiGate from FortiManager 150 Views
- SD-WAN problem Fortimanager 176 Views
- How to define Gateway on WAN... 313 Views
- How to route ougoing FG traffic... 165 Views
Labels
-
FortiGate
6,903 -
FortiClient
1,364 -
5.2
801 -
5.4
639 -
FortiManager
597 -
FortiAnalyzer
435 -
6.0
416 -
5.6
362 -
FortiAP
361 -
FortiSwitch
356 -
FortiClient EMS
278 -
FortiMail
269 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
168 -
6.4
128 -
FortiNAC
120 -
FortiGuard
109 -
IPsec
96 -
FortiGateCloud
91 -
FortiSIEM
91 -
FortiCloud Products
85 -
SSL-VPN
82 -
FortiToken
75 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
FortiEDR
42 -
SD-WAN
41 -
Fortivoice
41 -
FortiDNS
36 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiSwitch v6.4
31 -
Firewall policy
31 -
VLAN
27 -
High Availability
27 -
FortiAuthenticator
26 -
FortiConnect
24 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
SAML
17 -
FortiGate v5.2
17 -
DNS
17 -
LDAP
17 -
Certificate
17 -
FortiSwitch v6.2
16 -
BGP
16 -
VDOM
16 -
FortiMonitor
14 -
Interface
14 -
Logging
14 -
Authentication
13 -
FortiGate v5.0
13 -
FortiLink
13 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
NAT
11 -
RADIUS
10 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Fortigate Cloud
9 -
4.0MR2
9 -
SSID
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
WAN optimization
7 -
SNMP
7 -
Web profile
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Traffic shaping policy
6 -
FortiBridge
6 -
Web application firewall profile
6 -
Proxy policy
5 -
Packet capture
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Antivirus profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 983 | |
| 818 | |
| 446 | |
| 440 | |
| 130 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.