I am using win10 and using FortiClient VPN Only version. When I connect the vpn, my internet down and no one can use remote desktop to connect my PC either.
There is a post discussed it: https://community.fortinet.com/t5/Support-Forum/Lost-internet-connection-when-using-forticlient/td-p...
I checked the route table and there is one new route for 0.0.0.0, so there are two 0.0.0.0 routes.
But when I try to use 'route delete 0.0.0.0' command according to the post , it only delete the system default one, and cannot delete the one which VPN client add.
So I googled this post:windows - Can't change routes with VPN Client - Super User.
It has the same issue and he found the reason is " I examined the issue with Rohitab and found out FortiSSL Client watches the routes table with the NotifyRouteChange IP Helper API call."
His conclusion is Forticlient vpn will monitor the route table and fix it automatically.
I am not network expert, just an normal user, I dont know to do with it. I even cannot judge if the problem is caused by the route table.
Can anyone give some hints?
Thanks
Can you give some hints?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Most probably caused by the default route injected by VPN.
This behavior can be disabled at your client side (with most VPN clients) or at VPN server side.
E.g.: On your FortiGate, you can enable Split Tunneling on your SSL-VPN portal not to inject default route.
not sure if you can prevent FortiClient from doing that. Anyways it would not make sense because in this case it would render your vpn useless because it will not be hit by any traffic without a route.
I'd recommend to change the other end of that VPN Tunnel to do split tunneling so it wouldn't inject any new default route but routes to the specified subnet(s).
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello
When you connect to SSL VPN firewall push routes towards the client .
In your case firewall might be pushing default right from ssl vpn tunnel
you can check internally and configure split tunnel.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-split-tunnel-feature-for-SSL-VPN/...
Thanks & Regards
Mayank Sharma
I also notice when I connect the VPN, the other cannot use Remote Desktop(RDP) to connect my PC, is it also split-tunnel issue?
My pc is on the different network with the server which I need vpn to connect .
Is there anyway that I can add some route manually so my pc still can be accessed by RDP from other pc? I mean, after connect VPN, someone still can use RDP to connect my pc?
In order to do that, you need to remove the default route that was injected by VPN.
Hi,
I am using the VPN-only version of Forticlient, how to enable the split-tunnel feature?
Hi,
I am using the VPN-only version of Forticlient, how to enable the split-tunnel feature?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1721 | |
1098 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.