Hi! I'm using the vpn ssl (with fortitoken 2FA) to connect to company network. Basically this is working. On the Windows-DC there are few firewall rules for the "domain profile". If I connect with forticlient v6.0 throuh the vpn ssl to company, the network connection at windows 10 is always set to "public firewall profile" and "unidentified network". It is not recognized as "domain firewall profile" and as "domain network". So the firewall rules which are set "inside of company network" are not working.
DNS is set to the correct DNS of the DC. I can access network shares, i can ping the "server name". Everthing ist working, except the firewall rules for "domain profile". It seems like Microsoft NLA technic is not recognizing the domain during connection process with vpn. I have also set a "dns-suffix" at windows settings, also tried setting it up at fortigate (config vpn ssl settings > dns-suffix). But this doesn't change anything. I found also out, if i change any setting at any other network (during active vpn connection) then the profile changes immediately to "firewall domain profile".
So at the moment my workaround is: connect with forticlient, then go to network connections, change any settings at any other network adapter (or enable/disable any other adapter), and then the profile changes correct to "firewall domain profile". But this is not very usefull and not very practicable for other users. Have you any ideas how the NLA automatically can detect the vpn-connection as "firewall domain profile"?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I know this is an old thread, but did you ever get this figured out? Going through this now with both 7/10 clients and have thrown a few things at it so far to include NLA being set to delayed status and adding NegativeCachePeriod registry keys.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.