We have our users setup with the Forticlient software package for web and application filtering and as an IPSEC VPN client to connect to our Fortigate gateways..
The gateway will assign the client an ip address out of an IP subnet which is a /24 out of the /16 range used for our company.
The Fortigates have FGT-Access enable on the insde, outside and VPN interfaces.
I am seeing unpredictable behaviour as to whether the clients consider themselves to be On or Off net. Machines within the office will alternate between on and off net without any visible causes, same goes for home, regardless of the state of their vpn connection (dial-in or not). The users are not using any of our internal subnet ranges at their home networks.
Is their any way to clearly assign rules on which the client can determine if they are on or off-net ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I find the on/off net part takes 5 minutes so sort its self out! We use EMS to manage the FortiClients and there's a field under the profile setting that lets you define what's 'on net' (onnet subnets).
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1731 | |
1098 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.