We have our users set up with the FortiClient software package for web and application filtering and as an IPsec VPN client to connect to our FortiGate gateways.
The gateway will assign the client an IP address out of an IP subnet which is a /24 out of the /16 range used for our company.
The FortiGates have FGT-Access enabled on the inside, outside and VPN interfaces.
I am seeing unpredictable behaviour as to whether the clients consider themselves to be on- or off-net. Machines within the office will alternate between on- and off-net without any visible cause; the same goes for home, regardless of the state of their VPN connection (dialled in or not). The users are not using any of our internal subnet ranges on their home networks.
Is there any way to clearly assign rules by which the client can determine whether it is on- or off-net?
I find the on/off-net part takes 5 minutes to sort itself out! We use EMS to manage the FortiClients, and there's a field under the profile settings that lets you define what's 'on net' (onnet subnets).
Copyright 2025 Fortinet, Inc. All Rights Reserved.