Created on 01-09-2015 04:33 PM Edited on 05-06-2022 07:32 AM By Anthony_E
Description
To enable the DNS registration option for SSLVPN clients when FortiClient participates in FSSO, special steps must be followed.
Specifically, an additional registry value needs to be changed.
Complete the following steps:
1) Enable DNS registration under Network properties:
2a) If the FortiClient version is 5.2.1 or earlier, or if FortiClient is unmanageable:
Note: All steps must be performed under a workstation administrator account.
2a.1) Shut down FortiClient.
2a.2) Run net stop fortishield.
2a.3) Start CMD with administrator privileges and add the following registry value:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fortinet\FortiClient\Sslvpn]
"WinDnsCacheService"=dword:00000003
2a.4) Run net start fortishield.
2a.5) Start FortiClient.
2b) Alternatively, if FortiClient is manageable by the FortiGate (FGT) and the FortiClient (FC) version is 5.2.2 or above, all steps from 2a can be automated by adding the following XML element to the FortiClient configuration XML script:
<dnscache_service_control>3</dnscache_service_control>
For example:
<?xml version="1.0" encoding="UTF-8" ?>
<forticlient_configuration>
  <partial_configuration>1</partial_configuration>
  <os_version>windows</os_version>
  <vpn>
    <sslvpn>
      <options>
        <enabled>1</enabled>
        <dnscache_service_control>3</dnscache_service_control>
        <!--0=disable dnscache, 1=do not touch dnscache service, 2=restart dnscache service, 3=sc control dnscache paramchange-->
      </options>
    </sslvpn>
  </vpn>
</forticlient_configuration>
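The manual procedure in steps 2a.2 to 2a.4, as a PowerShell script that checks for elevation, reads the value back after writing it, and restarts the service even if the write fails. This is an added example, not part of the original article; it assumes FortiClient has already been shut down (step 2a.1), and the function name Set-SslvpnDnsCacheValue is hypothetical.

```powershell
# Added example: steps 2a.2 to 2a.4 from the article as one elevated script.
# Assumption: FortiClient was already shut down by hand (step 2a.1).
# Set-SslvpnDnsCacheValue is a hypothetical name used only for this example.
function Set-SslvpnDnsCacheValue {
    [CmdletBinding()]
    param(
        # Registry key, value name and service name are the ones given in the article.
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Wow6432Node\Fortinet\FortiClient\Sslvpn',
        [string]$ValueName = 'WinDnsCacheService',
        [int]$Value        = 3,
        [string]$Service   = 'fortishield'
    )

    # The article requires a workstation administrator account.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this script from an elevated (administrator) session.'
    }

    # Refuse to create the key: if it is missing, this is not the layout the article describes.
    if (-not (Test-Path -Path $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }

    Stop-Service -Name $Service -ErrorAction Stop          # step 2a.2
    try {
        # step 2a.3: write the DWORD; -Force overwrites an existing value
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
            -Value $Value -Force -ErrorAction Stop | Out-Null

        # Read the value back so a silently rejected write is caught here.
        $actual = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
        if ($actual -ne $Value) {
            throw "$ValueName is $actual, expected $Value"
        }
    }
    finally {
        # step 2a.4: restart the service even if the registry write failed
        Start-Service -Name $Service
    }
    return $actual
}

Set-SslvpnDnsCacheValue   # then start FortiClient again (step 2a.5)
```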