Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gschmitt
Valued Contributor

Created on ‎08-06-2015 02:02 AM

FortiSSLVPN Client does set the correct DNS Server on Windows 10

I tried installing the 4.0.2317 FortiClient SSLVPN on a Windows 10 client and connected to a device.

When I try to resolve Hostnames it sadly uses my normal DNS instead of the DNS set in the SSLVPN settings.

Trying NSLOOKUP also returns my normal DNS not the internal one offsite.

I installed the same SSLVPN Client version on an 8.1 client and it worked normally.

 

Sadly trying to install the normal FortiClient (5.2.4.0650 x64) results in an error message during installation (Install Error: The process was stopped unexpectadly).

 

Anyone got any ideas? Can anyone confirm that the DNS is not set correctly on a Windows 10 client?

18323
0 Kudos
1 Solution
x_member
Contributor

Created on ‎08-06-2015 07:50 AM

gschmitt wrote:

 

Can anyone confirm that the DNS is not set correctly on a Windows 10 client?

Yep - confirmed here both with a previously working SSLVPN build 2312 and the current SSLVPN build 2317. 

This is on a Windows 10 Pro in place upgrade from Windows 8.1 Pro (was fully functional).

 

*EDIT*

It looks like this is not a new issue:

https://social.technet.mi...=WinPreview2014General

View solution in original post

6784
0 Kudos
9 REPLIES 9
x_member
Contributor

Created on ‎08-06-2015 07:50 AM

gschmitt wrote:

 

Can anyone confirm that the DNS is not set correctly on a Windows 10 client?

Yep - confirmed here both with a previously working SSLVPN build 2312 and the current SSLVPN build 2317. 

This is on a Windows 10 Pro in place upgrade from Windows 8.1 Pro (was fully functional).

 

*EDIT*

It looks like this is not a new issue:

https://social.technet.mi...=WinPreview2014General

6785
0 Kudos
gschmitt
Valued Contributor
In response to x_member

Created on ‎08-07-2015 12:25 AM

CodeMonkey wrote:

*EDIT*

It looks like this is not a new issue:

https://social.technet.mi...=WinPreview2014General

Yeah I found this post yesterday aswell. Sadly the "Windows 10 is not out yet" answer isn't helpful :\

 

I contacted the FortiNet support and got the "We don't support Windows 10 yet" answer.

To which I quoted their 5.2.4 release notes back at them ... 

6719
0 Kudos
AtiT
Valued Contributor

Created on ‎08-06-2015 11:35 AM

Hello,

I do not have WIN10 machine but could you please test the sslvpn 5.2 version?

Download the FortiClient tools and locate the SSLVPNcmdline folder. Copy/rewrite the 4 files (EXE and 3xDLL) to the sslvpn instalation directory and try the VPN connection.

AtiT

AtiT
Preview file
82 KB
6719
0 Kudos
x_member
Contributor
In response to AtiT

Created on ‎08-07-2015 02:19 AM

AtiT wrote:

Hello,

I do not have WIN10 machine but could you please test the sslvpn 5.2 version?

<snip>

Same results unfortunately.

6719
0 Kudos
x_member
Contributor
In response to x_member

Created on ‎08-07-2015 04:22 AM

deleted - not as resolved as I first thought.

6719
0 Kudos
gschmitt
Valued Contributor
In response to x_member

Created on ‎08-07-2015 05:52 AM

Just got a call from the TAC support.

They are opening a bug report.

6719
0 Kudos
x_member
Contributor
In response to gschmitt

Created on ‎08-07-2015 06:04 AM

After some playing around and a lunch break I'm now able to ping servers on my test network by name when connected to the SSLVPN using the SSLVPN client v4.0.2317. 

After upgrading our test FG60D to 5.2.4 to test some outstanding issues that are already open with support I noticed on comparing the before and after configuration backups that the portal's split-tunneling-routing-address went missing during the upgrade. On attempting to reconfigure it it became apparent that an address range (for some servers on our DMZ) was no longer accepted. Removing this address object and replacing it with the DMZ subnet (splitting routing for internal and dmz subnet objects as total) was successful.

nslookup still only lists my standard connection DNS server however the issue seems resolved for me. 

I will be making the same configuration change on our live FG (running 5.2.3) to see if that resolves the issue with our live VPN.

 

*ADDED*

Change now in on the live FG, issue seems resolved for our configuration.

6719
0 Kudos
gschmitt
Valued Contributor
In response to x_member

Created on ‎08-07-2015 07:56 AM

CodeMonkey wrote:

After some playing around and a lunch break I'm now able to ping servers on my test network by name when connected to the SSLVPN using the SSLVPN client v4.0.2317. 

...

nslookup still only lists my standard connection DNS server however the issue seems resolved for me. 

Well this only works if you use a local or not taken domain in your network.

 

I noticed the issue first when I connected to a network which resolves an internal IP differently than publicly (as an example: public dns server returns 88.77.66.55; internal returns 172.16.1.1)

6719
0 Kudos
x_member
Contributor
In response to gschmitt

Created on ‎08-07-2015 07:59 AM

gschmitt wrote:

CodeMonkey wrote:

After some playing around and a lunch break I'm now able to ping servers on my test network by name when connected to the SSLVPN using the SSLVPN client v4.0.2317. 

...

nslookup still only lists my standard connection DNS server however the issue seems resolved for me. 

Well this only works if you use a local or not taken domain in your network.

 

I noticed the issue first when I connected to a network which resolves an internal IP differently than publicly (as an example: public dns server returns 88.77.66.55; internal returns 172.16.1.1)

Ah okay - this may well not impact us then. 

 

On the plus side it has resolved a configuration issue for me..

6719
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.