Forticlient VPN Configuration - allowing to access blocked websites

HFIT · ‎02-20-2025

Hi,

We initially thought this was a Webtitan issue, however, when a user is connected to Forticlient VPN, websites that are blocked on Webtitan policies are being allowed to filter through and get accessed. If the user disconnects from VPN, and tries accessing those sites again, they then get blocked from Webtitan.

Has anyone come across this issue before or can provide further details on why this may be happening? We think it may be a configuration issue with our Forticlient setup.

Our VPN is a IP SEC VPN. We have tried several devices (Windows 10 PCs and Windows 11 OS laptops) and the same happens. This has happened for several different users on different Webtitan policies. I can provide further details if needed.

AEK · ‎02-20-2025

Hi

Is WebTitan DNS based? If so then probably the VPN is injecting a new DNS server IP that has priority over WebTitan's DNS.

AEK

HFIT · ‎02-25-2025

Hi - yes it is. Forticlient VPN's DNS is taken priority and we need to know how to lower the priority for Forticlient's VPN DNS.

AEK · ‎02-25-2025

Hi

You should be able to fix it by enabling split DNS on FortiGate IPsec config.

https://docs.fortinet.com/document/forticlient/7.2.0/new-features/634537/split-dns-support-for-ipsec...

Hope it helps

AEK

Forticlient VPN Configuration - allowing to access blocked websites

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website