So, MS Surfaces and FortiClient VPN have been one of my nemeses at a specific site for a specific user.
Previously, when we upgraded his Surface Pro a few years ago, internet connectivity would slow way down when he'd connect via SSL VPN. At that time we were using the free FortiClient and got permission from Fortinet to get a trial version of the paid client to see if the issue was FC related. After a lot of back and forth, the issue was resolved and the user and I were happy. I am going to review that ticket again and make sure there wasn't some kind of workaround put in place that may be affecting this.
Fast forward to the beginning of June: we replaced his Surface and used our typical tool (TransWiz) to transfer his existing Windows profile to the new machine, and he was happy. A few days later I was advised that when FortiClient Free VPN is connected, ALL internet traffic that's not across the link stops. For example, if I have a remote session with him, I lose connectivity. Also, he can't use Zoom or email, etc. None of this is normal with his prior machine, and this does not occur for the 30 other users either (a mix of both Mac and PC laptops and other Surfaces).
For troubleshooting, removed and reinstalled FC, then installed the latest version from 2 weeks ago, no change. Further testing indicates this ONLY occurs with his AD-specific VPN user login, and it doesn't matter which Windows profile we use: his, a local admin or a domain admin all experience the same issue. While logged into any Windows profile, if I use a different user for the FC connection, there are no issues at all. It works as expected and the split connection also works as expected.
Background:
All SSL VPN connections require MFA. When a connection comes in, the firewall (100E) checks the internal RADIUS server, which checks AD and then forwards the request to the external MFA server. The MFA app on the iPhone then requests approval and, if approved, the VPN connection is allowed.
Any ideas or suggestions?
Hello forti4sure,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hi there,
Thank you for the explanation.
From my understanding, you have already isolated the issue, and it's more of a username issue.
On the AD server, please verify whether that username has been locked due to too many attempts or has expired. You may consider resetting the password too.
Hope that helps.