I have VPN users running both Win8.1 and Win10.
FortiClient version is 6.0.10, managed by EMS server.
Clients run SSL VPN and IPSec connections.
On the EMS server there is a setting 'Prefer SSL VPN DNS'.
If unchecked, SSL clients only register the VPN IP address in DNS.
With it checked, SSL clients also register their home router IP address.
Question: for IPSec connections, is there a similar setting that performs the same behaviour?
We don't want IPSec users' home IP addresses registering within DNS.
Thanks
Raised a ticket on Fortinet for this.
Fortinet's response:
The issue is reported in 0659906 FortiClient IPSec VPN connected clients register local adapters IP to DNS-server, causing FSSO and client traffic to fail. The issue is under the developer's investigation.
I am having the same problem. Any update on this?
Fortinet have marked my ticket 'Pend Bug Fix'
No further updates have been added as yet.
Hi,
We had the same problem here. This problem is resolved now. To resolve it, we've modified a key in the Windows registry.
This is the key to modify: HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient\Sslvpn\NoDnsRegistration. You have to enter a value of 2.
Since we did that, no more problem with odd DNS registration. The only IP address assigned to the DNS entry is the VPN SSL one.
It works for us, maybe you should try it!
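Added example, not part of the original posts and not Fortinet's own tooling: a read-only PowerShell check that reports the registry setting named in the reply above and lists, per IPv4 interface, whether the Windows DNS client is configured to register that address. It assumes `NoDnsRegistration` is a value under the `Sslvpn` key, and that the `Get-DnsClient` and `Get-NetIPAddress` cmdlets are available (Windows 8 and later).

```powershell
# Added example: read-only audit, changes nothing on the client.
# Assumption: NoDnsRegistration is a value under the Sslvpn key quoted in the post.
$keyPath   = 'HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn'
$valueName = 'NoDnsRegistration'

$reg = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $reg) {
    Write-Output "$valueName is not set under $keyPath"
} else {
    Write-Output "$valueName = $($reg.$valueName) (the post above sets it to 2)"
}

# For each interface, show its IPv4 addresses and whether the Windows DNS
# client is set to register that connection's address in DNS.
Get-DnsClient | ForEach-Object {
    $dns = $_
    $ips = Get-NetIPAddress -InterfaceIndex $dns.InterfaceIndex `
                            -AddressFamily IPv4 -ErrorAction SilentlyContinue
    foreach ($ip in $ips) {
        [pscustomobject]@{
            Interface      = $dns.InterfaceAlias
            IPv4           = $ip.IPAddress
            RegistersInDns = $dns.RegisterThisConnectionsAddress
            Suffix         = $dns.ConnectionSpecificSuffix
        }
    }
} | Sort-Object Interface | Format-Table -AutoSize
```

Run it while the VPN is connected and compare the listed addresses with the A records the corporate DNS server holds for that client.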
Hello thungo1604,
Thanks for the registry key.
I'm assuming this is what is updated with 'Prefer SSL VPN DNS' unchecked in the EMS server.
I already stated that with this unchecked, SSL clients only register their assigned VPN IP in DNS, which is fine.
My problem is that there is no equivalent setting for IPSec VPN clients. They always register both their assigned VPN IP plus the user's home router assigned IP in the corporate DNS server.
Fortinet have identified this as a bug and advise they are testing their fix in the 6.4 version of the client.
If there is a registry key that stops IPSec clients registering home IPs in DNS then let us know.
That is something I could maybe try!
Fortinet have finally come back on this and advised that the problem is fixed in 6.4.3