Hello,
My company has FortiClient installed on Windows laptops, managed by EMS. We currently use always-on IPSec.
We now want our laptops to communicate through VPN only, no LAN or off-VPN internet communication whatsoever.
How can we achieve this? Network Lockdown only works with SSL VPN.
I tried making exceptions in the Windows Defender Firewall for Forticlient.exe (and others) without any success.
Any hint would be greatly appreciated!
Thank you
Hello @RocketDog,
This can be helpful: https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-dial-up-full-tunnel-with-FortiClient...
So based on the policy you can control the traffic if the split tunnel is disabled.
Hi, thank you for your reply.
Indeed, that's how my setup is right now.
My goal is to block all LAN/internet communication if the IPSEC VPN is not connected.
There is an option to do that with SSL_VPN (Network Lockdown), but I'm struggling to do it using IPSec. I assume there could be a Windows Defender Firewall configuration to do, but didn't have any success so far.