We are having issues with the free VPN-Only FortiClient on computers that are also running the OpenDNS Umbrella client. The issue is intermittent and happens only with some users, sometimes. The issue that seems to occur is that computers aren't getting DNS servers assigned to the FortiClient interface sometimes. Other times, we do see the DNS server, but we can't resolve DNS names. In some cases, we've been able to disabled the umbrella client and name resolution starts to work, but not every time.
Anyone seem something like this before?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Jeff,
Fortinet doesn't recommend to install FortiClient paralell with other VPN software solutions on the same workstations. In such cases there might be different kind of problems.
I would say that the behavior you observed is expected.
Best regards,
Vasil
Thanks for the input, but to clarify, OpenDNS isn't VPN software. It is a web content filtering product that blocks web traffic based on DNS queries. We have been using OpenDNS with FortiClient in other environments successfully for years. The main difference in this environment from others is this one uses the free VPN only client where others that haven't had this issue were full, EMS-Controlled FortiClient implementations.
Hi Jeff,
I am sorry about the confusion. (overlooked with OpenVPN)
Looking about this compatibility problem I found the following information on the OpenDNS vendor site:
The IP Layer Enforcement feature of the Roaming Client is incompatible with:
Built-in OS X VPN client
F5 VPN
> Fortinet FortiClient
SonicWALL VPN (some environments)
Checkpoint VPN
It is known to be compatible with the following VPN Clients only. If it is not on this list, and you are experiencing an issue, disable IP Layer Enforcement and confirm if the issue also resolves.
There have been multiple similar issues in the past reported by customers ( between OpenDNS and Forticlient). On the paid-license version you can try changing Forticlient's control of the DNS Cache Service under VPN>SSL VPN in the EMS profile. Unfortunately you have an issue on the free version where this option is not available.
Best regards,
Vasil
This is interesting info.... thank you for sending. We'll try disabling IP Layer Enforcement and report back here on whether that helps any.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.