We are having issues with the free VPN-Only FortiClient on computers that are also running the OpenDNS Umbrella client. The issue is intermittent and happens only with some users, sometimes. The issue that seems to occur is that computers aren't getting DNS servers assigned to the FortiClient interface sometimes. Other times, we do see the DNS server, but we can't resolve DNS names. In some cases, we've been able to disabled the umbrella client and name resolution starts to work, but not every time.
Thanks for the input, but to clarify, OpenDNS isn't VPN software. It is a web content filtering product that blocks web traffic based on DNS queries. We have been using OpenDNS with FortiClient in other environments successfully for years. The main difference in this environment from others is this one uses the free VPN only client where others that haven't had this issue were full, EMS-Controlled FortiClient implementations.
The IP Layer Enforcement feature of the Roaming Client is incompatible with:
Built-in OS X VPN client F5 VPN > Fortinet FortiClient SonicWALL VPN (some environments) Checkpoint VPN It is known to be compatible with the following VPN Clients only. If it is not on this list, and you are experiencing an issue, disable IP Layer Enforcement and confirm if the issue also resolves.
There have been multiple similar issues in the past reported by customers ( between OpenDNS and Forticlient). On the paid-license version you can try changing Forticlient's control of the DNS Cache Service under VPN>SSL VPN in the EMS profile. Unfortunately you have an issue on the free version where this option is not available.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.