Don_Draper
New Contributor

How to Browse Internet while using FortiClient VPN Session

First, I am VPN ignorant, so if my questions appear trivial, then they probably are. If there was a poster child for the VPN illiterate... it would be me :).

Using FortiClient 1.6.142 on XP Pro SP2 against a Fortigate 200A.

Can anyone explain (in relatively simple terms) what is needed to browse the Web or other internet services while using VPN? My assumption was that while using FortiClient to connect to a Fortigate 200A, any browsing to the internet would actually be occurring through the Fortigate. However, this does not appear to be the case. While I have an active VPN session going to the Fortigate, I can browse other internet sites, check email etc. just fine. If I go to showmyip.com, it shows my public IP coming from my existing cable modem connection and not from the Fortigate network. So while I am connected to the Fortigate network just fine (can ping IPs, access servers) using VPN, I appear to have full internet access apparently using my local cable connection. Both networks, virtual and ethernet going to the local cable modem, appear in ipconfig /all.

The FortiClient docs talk about having to add a 0.0.0.0/0.0.0.0 setting in advanced settings of the client connection in order to do internet browsing. When I add this, I can no longer browse the internet... so is there another setting on the Fortigate that I need as well? I do have a policy that allows all outbound traffic (internal to wan1 for all services - the default one). The docs say that the Fortigate must be configured to allow internet access when using the 0.0.0.0/0.0.0.0. Can someone allude to what is required on the Fortigate if something else is needed other than this default outbound policy?

This would not be an issue since I can VPN and surf EXCEPT another colleague is using the same FortiClient VPN profile, can VPN just fine... however all of his internet access is "disabled" while his VPN session is active! We run another app that also needs access to the internet, so having access to both the VPN and the internet at the same time is required.

Is there any document that explains this issue in detail? Any advice, suggestions would be greatly appreciated.
Don Draper
Not applicable

Hi, there are roughly two options to browse the internet while having a VPN session.

The first (standard) is to just set up a VPN session, and that will route only the data for the subnet through the VPN tunnel. In this case, you can access the Internet like having no VPN session.

The second requires a bit more configuring, so that all the traffic goes through the VPN tunnel, and you have to config the remote side (Fortigate) so that you will be allowed to access the internet through the tunnel. To achieve this you have to add 0.0.0.0/0.0.0.0 as an extra subnet in the FortiClient config and, I guess that's what's missing, in the Fortigate in the Phase 2 part you have to enable Internet browsing. Sometimes the allow Internet browsing is omitted per se, so that Internet browsing is disabled at all when a VPN session is live.

Hope this helps,
Regards, Eric
Don_Draper
New Contributor

Thanks Eric... this was the answer I needed. So standard VPN does allow both the VPN subnet and my separate local subnet to the Internet to both be active at the same time. Makes sense, explains why it works for us by default.

I had added the 0.0.0.0/0.0.0.0 subnet to the FortiClient but could not surf at all. However, as you suggested, I turned on "Internet browsing" in Phase II Advanced for the Internal interface and only then was I able to browse the internet through the VPN. Checking my IP at showmyip.com confirmed this. That was the part I was missing, so thanks very much! Now I know how to make it work either way.

We also discovered why my friend was unable to surf at all while he was connected to the VPN. Turns out his local home router was using 192.168.2.x, the same subnet as I had chosen for the virtual VPN subnet. Once he changed his router to use another subnet, he could surf while using the VPN as well.

One more easy question please: There are three of us who could be using the VPN at the same time. I created VPL config files for the other two by incrementing the last value in the virtual IP by one and then saving. So each user's config file might look like:

User 1 - 192.168.2.2
User 2 - 192.168.2.3
User 3 - 192.168.2.4

However, I noticed that the virtual adapter created by FortiClient uses the next higher IP value for the gateway and DHCP, such as ipconfig /all shows:

    Description . . . . . . . . . . . : Fortinet virtual adapter - Fortidr Miniport
    Physical Address. . . . . . . . . : 00-09-0F-FE-00-01
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.2.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.2.3 <--
    DHCP Server . . . . . . . . . . . : 192.168.2.3 <--

Would the 192.168.2.3 values prevent the other VPN user who is using the 192.168.2.3 IP from being able to connect at the same time, or do I just need to ignore this? In other words, do I need to create other virtual IPs for the users further apart so they do not conflict with the IPs created by the virtual adapter? I admit we have not yet tried to connect at the same time.

Thanks again!
Don
Don Draper
Not applicable

Don't worry that the IP's seem to be overlapping. This sometimes happens (often with PPTP connections). This is not an issue, so the ip's can be next to each other.

Regards, Eric
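
The two tunnel modes and the home-router subnet clash discussed in this thread can be modelled as a route lookup. The following is an added example, not part of any post and not Fortinet code; it uses a simplified longest-prefix match. The 10.0.0.0/24 internal subnet, the 192.168.1.0/24 home LAN and the 203.0.113.10 internet host are constructed values, and the tie-break (a tunnel route beats an equal-length LAN route) is an assumption.

```python
import ipaddress

def build_routes(home_lan, tunnel_subnets):
    """Route table as (network, interface) pairs; tunnel routes are added last."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "lan"),   # default via home router
              (ipaddress.ip_network(home_lan), "lan")]      # on-link home subnet
    routes += [(ipaddress.ip_network(s), "vpn") for s in tunnel_subnets]
    return routes

def egress(dest, routes):
    """Longest-prefix match. On equal prefix length the later (tunnel) route
    wins, an assumption modelling the VPN client's route being preferred."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, ifname in routes:
        if addr in net and (best is None or net.prefixlen >= best[0].prefixlen):
            best = (net, ifname)
    return best[1]

def tunnel_mode(tunnel_subnets):
    """'full' if 0.0.0.0/0 is sent through the tunnel, otherwise 'split'."""
    nets = [ipaddress.ip_network(s) for s in tunnel_subnets]
    return "full" if any(n.prefixlen == 0 for n in nets) else "split"

def conflicts(home_lan, tunnel_subnets):
    """Tunnel subnets that overlap the home LAN (the friend's 192.168.2.x case)."""
    lan = ipaddress.ip_network(home_lan)
    return [s for s in tunnel_subnets
            if ipaddress.ip_network(s).prefixlen > 0
            and ipaddress.ip_network(s).overlaps(lan)]

# Constructed sample data: virtual VPN subnet from the thread plus an assumed internal subnet.
SPLIT = ["192.168.2.0/24", "10.0.0.0/24"]
FULL = SPLIT + ["0.0.0.0/0"]          # the extra 0.0.0.0/0.0.0.0 subnet in FortiClient

if __name__ == "__main__":
    for name, subnets in (("split", SPLIT), ("full", FULL)):
        table = build_routes("192.168.1.0/24", subnets)
        print(name, "internet ->", egress("203.0.113.10", table),
              "| internal ->", egress("10.0.0.5", table))
    print("overlap with 192.168.2.0/24 home LAN:", conflicts("192.168.2.0/24", SPLIT))
```

In split mode, internet traffic leaves through the local connection and never reaches the Fortigate's firewall policy, so filtering or logging applied there does not cover it.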