raffaeledp
Contributor

Wrong configuration received by FortiClient

Hello everybody,

I'm working on a Fortigate 70G v7.2.11.

A long time ago I created an IPSec tunnel using a wizard tool.

On this tunnel, I enabled the split tunneling.

I have 2 Windows PCs (PC A - Windows 10 / PC B - Windows 11)

On both PCs I have a free FortiClient VPN version (PC A: 7.2 / PC B: 7.2 and then I tried to upgrade to 7.4).

What I'm pretty sure of is that each client should receive, connecting with the same settings on the same tunnel, the same configuration.

This is the PC B configuration:

 

 

 

 

[Screenshots: immagine.png, immagine (3).png, immagine (2).png, immagine (1).png]

    

This is the IPSec tunnel:

 

[Screenshot: Screenshot 2025-05-19 alle 19.26.04.png]

 On the working PC A, routes are configured correctly (route print):

 

Network address             Mask          Gateway     Interface  Metrics
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.66     35
         10.0.0.2  255.255.255.255   10.212.134.222   10.212.134.221      1
         10.1.0.0    255.255.255.0   10.212.134.222   10.212.134.221      1
   10.212.134.221  255.255.255.255         On-link    10.212.134.221    257

 

But on PC B, the same command returns:

 

Network address             Mask          Gateway     Interface Metrics
          0.0.0.0          0.0.0.0    192.168.178.1  192.168.178.106     35
          0.0.0.0          0.0.0.0    192.168.178.1  192.168.178.113     50
          0.0.0.0          0.0.0.0   10.212.134.222   10.212.134.221     25
   10.212.134.221  255.255.255.255         On-link    10.212.134.221    281

 

The result of that is that PC B cannot access the internet and routes are completely wrong. But why am I receiving two different configurations? Configurations should be sent by Fortigate... so, how is it possible that two clients receive two different configurations?

 

RDP
4 REPLIES
funkylicious
SuperUser

If you have a Realtek NIC on the W11 PC, try updating the drivers to something newer or do a clean install of FCT if they are already up to date.

"jack of all trades, master of none"
kojulho2
New Contributor

Had this issue pop up today. Issue was with firewall policy not allowing the SSLVPN interface in the "From" field destined "To" the internal network (due to many policy edits, it was left out on accident).

raffaeledp

Thanks for your reply,

It does not seem to be the same kind of problem, because the fact that PC B cannot access the internet is due to the fact that it receives a configuration that is the same as if "split tunneling" was disabled on Fortigate. So 10.212.134.222 becomes its default gateway, but it's wrong, because in the tunnel configuration, I enabled "split tunneling".

RDP
raffaeledp
Contributor

Hello everybody, as I said previously, the client received a wrong configuration by FortiClient. It was the only client that received a disabled split-tunnel configuration. Solution was to disable and then re-enable again the split tunneling on FortiGate.

Thank you everybody

RDP
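
The comparison the thread makes by eye, as an added example that is not part of the original posts: a parser for the two `route print` tables quoted above that reports whether a client ended up with split-tunnel or full-tunnel routing and which default route wins on metric. The function names are hypothetical, and treating 10.212.134.221 as the tunnel interface is an assumption read from the quoted tables.

```python
import ipaddress

# Route rows copied from the thread's `route print` output (PC A and PC B).
PC_A = """\
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 35
10.0.0.2 255.255.255.255 10.212.134.222 10.212.134.221 1
10.1.0.0 255.255.255.0 10.212.134.222 10.212.134.221 1
10.212.134.221 255.255.255.255 On-link 10.212.134.221 257
"""
PC_B = """\
0.0.0.0 0.0.0.0 192.168.178.1 192.168.178.106 35
0.0.0.0 0.0.0.0 192.168.178.1 192.168.178.113 50
0.0.0.0 0.0.0.0 10.212.134.222 10.212.134.221 25
10.212.134.221 255.255.255.255 On-link 10.212.134.221 281
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows; skip headers and junk."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": int(metric)})
    return routes

def tunnel_mode(text, tunnel_iface):
    """Return ('split' | 'full' | 'down', winning default route or None)."""
    routes = parse_routes(text)
    via_tunnel = [r for r in routes if r["iface"] == tunnel_iface]
    if not via_tunnel:
        return "down", None
    # Among equal-length prefixes the lowest metric wins, so the best 0.0.0.0/0
    # entry decides where internet-bound traffic actually goes.
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    best = min(defaults, key=lambda r: r["metric"], default=None)
    if any(r["net"].prefixlen == 0 for r in via_tunnel):
        return "full", best
    return "split", best

if __name__ == "__main__":
    for name, table in (("PC A", PC_A), ("PC B", PC_B)):
        mode, best = tunnel_mode(table, "10.212.134.221")
        print(name, mode, "default via", best["gateway"], "metric", best["metric"])
```

On PC B the tunnel's default route has the lowest metric (25), so it overrides both LAN defaults, which matches the loss of internet access described in the thread.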