whatever
New Contributor

Refuse server's routes / DNS

I'm using FortiClient on OS X to access the network of one of my clients.

 

The VPN server is configured to change my default route (so all my traffic is routed through the VPN) and to update my DNS servers.

 

Is there a way to ask FortiClient not to change my default route (or even better not to change any route) and my DNS?

Also, is there a CLI available on Linux/ARM or Linux/x86 to connect to a VPN?

 

Thanks,

whatever
New Contributor

Is there a better place than here to get an answer?

ede_pfau

Old post first:

1- if the FC is managed centrally by the FGT there is/should be no way to change that behavior on the client's side. Otherwise central mgmt wouldn't make any sense.

2- I've got no experience with the Linux client but the Windows version does support command line options. A tunnel can thus be opened from running the 'ipsec' command (included in the FC installation) instead of clicking on the icon. There is a thread on this in the forums.

 

Last post:

Sure, open a ticket with Customer Support. You will only find help around here on a best-effort basis - it needs people who've had the same problem (which can be very few sometimes), and one of those willing to sacrifice time and effort to post back (even fewer).

And then there is the Knowledge Base, some helpful Fortinet bloggers, the docs...

Ede Kernel panic: Aiee, killing interrupt handler!
whatever

Thanks a lot for your answer!

 

1- Yes, I understand this point. But in case the server is configured like shit, it would be so great to have advanced features for people who know what they're doing to override the configuration, which is OK for 99% of the clients (who don't have to run several VPNs at the same time like I do).

 

2- I considered using ipsec, but unfortunately it seems the server is only configured to accept SSL connections (or at least the sysadmin of the company I'm working for wasn't able to tell me what the required credentials are).

 

Thanks again,

ede_pfau

I think there is no justification for allowing clients to change a company's security measures at will. Both DNS and default routing are suitable means to ensure remote access traffic is secure and scanned/filtered. This is a matter of responsibility - the admin takes it, the client doesn't. So, I would not expect the client software to ever have 'override' options.

IMHO you should take the issue to the admin, it's not a technical one. And even if you're forced to use that access the way it is, so be it. For example, I am often quite discontent with the TV program but cannot influence it; rather than changing my habits I still switch it on every night.

Ede Kernel panic: Aiee, killing interrupt handler!