Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rpoon
New Contributor

Created on ‎07-13-2021 10:00 AM

IPv6 causing SSL VPN connection issue

We used to have FortiClient version 6.2.6 and it works well on SSL VPN connection to our corporate network (gateway FortiOS version 6.4.3).  Once we upgraded to FortiClient 6.4.3, we start getting intermittent connectivity issue in that user cannot access network resources due to DNS resolution failure.  It's found to be caused by client's network interface attempts to query DNS through IPv6 and failed.  It then stop there without attempting querying IPv4 DNS.  We are stuck with no solution from Fortigate and desperately need to resolve it.  Does anyone encounter similar issue and can share some ideas?

 

Thanks

5686
0 Kudos
1 Solution
isamt
Contributor
In response to rpoon

Created on ‎08-17-2021 02:18 PM

So far we have not encountered any issues with IPv6 enabled home users, however it was only a small percentage of our users that have IPv6 enabled Internet connections so can't say for 100% certainty yet.

 

FortiClient is independent of the Fortigate firmware version so yes you need EMS 7.0 or later and you may need to convert your EMS licences to version 6.4 at least then other than that you can upgrade your clients to 7.0 so not a lot of work at all.

View solution in original post

4826
0 Kudos
5 REPLIES 5
isamt
Contributor

Created on ‎08-17-2021 10:33 AM

I have encountered the same issue.

Resolutions was to disable IPV6 on the network adaptor at the client end.

 

 

4800
0 Kudos
rpoon
New Contributor
In response to isamt

Created on ‎08-17-2021 11:22 AM

Unfortunately, Fortinet team seems uninterested in providing a viable solution to the issue.  We have over 1000 clients and need a centrally managed deployment of the solution.  Also concern if disabling IPv6 on the client may cause any other issue that we are not aware of.

4800
0 Kudos
isamt
Contributor
In response to rpoon

Created on ‎08-17-2021 01:47 PM

Your best option is to upgrade to FortiClient 7.0.0 or 7.0.1 which support dual stack IPv4 and IPv6

 

I'm currently upgrading users to 7.0.0 which is significantly better than the previous versions of the client.

 

4800
0 Kudos
rpoon
New Contributor
In response to rpoon

Created on ‎08-17-2021 01:54 PM

Does it work with IPv6 remaining enabled?  The upgrade notes mentioned that I have to upgrade EMS Server to 7.0 to match with that.  May also need to upgrade Fortigate and other connecting components too.  A lot of preparations required.

4800
0 Kudos
isamt
Contributor
In response to rpoon

Created on ‎08-17-2021 02:18 PM

So far we have not encountered any issues with IPv6 enabled home users, however it was only a small percentage of our users that have IPv6 enabled Internet connections so can't say for 100% certainty yet.

 

FortiClient is independent of the Fortigate firmware version so yes you need EMS 7.0 or later and you may need to convert your EMS licences to version 6.4 at least then other than that you can upgrade your clients to 7.0 so not a lot of work at all.

4827
0 Kudos
Labels
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.