Wayne11
Contributor

SSL VPN SplitTunneling Windows 10 DNS leak

Hi guys

 

We recognized a huge problem with all our Windows 10 SSL VPN users and the current FortiClient. For some it was working for a while, for others it was never working because, even though we deploy the LAN DNS IPs to the clients when establishing a tunnel, Windows 10 is still using the IPv4 DNS server of the local router. So we always get back the 127.0.0.1 loopback for all our internal resources, even though we have disabled all IPv6 protocols. Probably this is also due to the fact that we use .ads as our internal domain name and it has now become a TLD, so ISP DNS just returns 127.0.0.1 for all .ads domains.

So we started to increase the TCP/IPv4 metric of the LAN and Wi-Fi adapters to a higher value than the default VPN metric, which is 11. After we changed the metric to 15 on the LAN and Wi-Fi adapters and changed the two registry keys "DisableSmartNameResolution" and "DisableParallelAandAAAA", everything was working with VPN name resolution again.

But I would prefer to reduce the metric of the VPN adapter from its default of 11 to 5 or something, so we would not have to touch the metric of all the LAN and Wi-Fi adapters. Does anyone know if it's possible with the FortiGate DHCP to set the metric, the same way a Microsoft DHCP can? I've read that Windows resets the VPN metric when the connection is established, so it's not a permanent solution.

Any suggestions?

 

Thx
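The diagnosis and workaround described in the post above, as an added PowerShell example that is not part of the original thread and not FortiClient or Fortinet code. It shows the interface metrics and per-adapter DNS servers, reproduces the leak by resolving an internal name through the VPN-pushed DNS server and then through the default path, raises the physical adapters' IPv4 metric above the VPN adapter's default of 11, sets the two registry values the post names, and verifies that the internal name no longer resolves to 127.0.0.1. The adapter aliases (`fortissl`, `Ethernet`, `Wi-Fi`), the test host `dc01.corp.ads`, the metric value 15 and the registry paths are assumptions; adjust them to your environment and run it elevated on a test client with the tunnel up.

```powershell
# Added example, not from the forum thread or FortiClient. Run elevated on a
# Windows 10 test client with the SSL VPN connected. All names and values
# below are assumptions for illustration.

$VpnAlias       = 'fortissl'             # assumed FortiClient SSL VPN adapter alias
$LanAliases     = @('Ethernet', 'Wi-Fi') # assumed physical adapter aliases
$TestHost       = 'dc01.corp.ads'        # assumed internal name in the thread's .ads domain
$PhysicalMetric = 15                     # higher than the VPN adapter's default metric of 11

# 1. Which connected IPv4 interface currently wins, and which DNS servers each one carries.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' } |
    Select-Object InterfaceAlias, InterfaceMetric, AutomaticMetric |
    Sort-Object InterfaceMetric | Format-Table -AutoSize

Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Reproduce the leak: ask the VPN-pushed DNS server directly, then let the
#    default resolution path answer. 127.0.0.1 from the second call is the symptom.
$vpnDns = (Get-DnsClientServerAddress -InterfaceAlias $VpnAlias -AddressFamily IPv4).ServerAddresses
if ($vpnDns) {
    Resolve-DnsName -Name $TestHost -Type A -Server $vpnDns[0] -DnsOnly -ErrorAction SilentlyContinue |
        Select-Object Name, IPAddress
}
Resolve-DnsName -Name $TestHost -Type A -DnsOnly -ErrorAction SilentlyContinue |
    Select-Object Name, IPAddress

# 3. The fix from the post: push the physical adapters above the VPN metric.
#    AutomaticMetric is disabled so Windows does not recompute it from link speed.
foreach ($alias in $LanAliases) {
    if (Get-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -ErrorAction SilentlyContinue) {
        Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 `
            -AutomaticMetric Disabled -InterfaceMetric $PhysicalMetric
    }
}

# 4. The two registry values the post names. The paths are the commonly
#    documented locations for these values (assumption; check against your ADMX).
$policies = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient';          Name = 'DisableSmartNameResolution' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters';     Name = 'DisableParallelAandAAAA' }
)
foreach ($p in $policies) {
    if (-not (Test-Path $p.Path)) { New-Item -Path $p.Path -Force | Out-Null }
    New-ItemProperty -Path $p.Path -Name $p.Name -PropertyType DWord -Value 1 -Force | Out-Null
}
Clear-DnsClientCache

# 5. Verify: the default path must now return the internal address, not loopback.
$after = Resolve-DnsName -Name $TestHost -Type A -DnsOnly -ErrorAction SilentlyContinue
if ($after -and ($after.IPAddress -notcontains '127.0.0.1')) {
    "OK: $TestHost -> $($after.IPAddress -join ', ')"
} else {
    "STILL LEAKING: $TestHost resolved to $($after.IPAddress -join ', ')"
}
```

Because the post reports that Windows resets the VPN adapter's metric when the tunnel comes up, the script changes the physical adapters rather than the VPN adapter, which is the variant the post says worked. If the registry changes are rolled out by GPO instead, `DisableSmartNameResolution` corresponds to the "Turn off smart multi-homed name resolution" setting under Computer Configuration > Administrative Templates > Network > DNS Client; re-run step 5 after `gpupdate /force` to confirm the client no longer answers 127.0.0.1 for internal names.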

1 REPLY
ddskier
Contributor

Check this out:

 

http://answers.microsoft....129eec736?auth=1 

 

Unfortunately you can't change the metric via the FortiClient installer. Maybe GPO?

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D