Support Forum
Domsi
New Contributor

VPN SSL - firewall domain profile

Hi! I'm using the VPN SSL (with FortiToken 2FA) to connect to the company network. Basically this is working. On the Windows DC there are a few firewall rules for the "domain profile". If I connect with FortiClient v6.0 through the VPN SSL to the company, the network connection at Windows 10 is always set to "public firewall profile" and "unidentified network". It is not recognized as "domain firewall profile" and as "domain network". So the firewall rules which are set "inside of company network" are not working.


DNS is set to the correct DNS of the DC. I can access network shares, I can ping the "server name". Everything is working, except the firewall rules for "domain profile". It seems like the Microsoft NLA technique is not recognizing the domain during the connection process with VPN. I have also set a "dns-suffix" in the Windows settings, and also tried setting it up on the FortiGate (config vpn ssl settings > dns-suffix). But this doesn't change anything. I also found out that if I change any setting on any other network (during an active VPN connection), then the profile changes immediately to "firewall domain profile".


So at the moment my workaround is: connect with FortiClient, then go to Network Connections, change any setting on any other network adapter (or enable/disable any other adapter), and then the profile changes correctly to "firewall domain profile". But this is not very useful and not very practicable for other users. Do you have any ideas how NLA can automatically detect the VPN connection as "firewall domain profile"?
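The problem described above matters from a defensive angle: Windows Defender Firewall only enforces the domain-profile rules while NLA has classified the interface as DomainAuthenticated, so a VPN adapter stuck on Public silently runs a different rule set. The following PowerShell script is an added example, not code from the thread or from Fortinet. It checks which profile NLA assigned to the VPN adapter, verifies the two things NLA needs to see a domain (the `_ldap._tcp.dc._msdcs` SRV record and TCP 389 to a DC), and scripts the poster's manual workaround by restarting the NLA service so it re-evaluates the interface. The adapter alias and the domain suffix are assumptions; change them to match `Get-NetAdapter` and your AD domain. Run it in an elevated session.

```powershell
# Added example (not from the forum thread): verify NLA's classification of the
# SSL VPN adapter and trigger a re-evaluation if it is not DomainAuthenticated.
$VpnAdapterAlias = 'FortiClient SSL VPN'   # assumption: use the alias shown by Get-NetAdapter
$DomainSuffix    = 'corp.example'          # constructed placeholder for the AD DNS domain name

function Get-VpnProfile {
    param([string]$Alias)
    # NetworkCategory is Public, Private or DomainAuthenticated; only the last one
    # makes the Domain firewall profile apply to this interface.
    Get-NetConnectionProfile -InterfaceAlias $Alias -ErrorAction SilentlyContinue |
        Select-Object Name, InterfaceAlias, NetworkCategory, IPv4Connectivity
}

function Test-DomainReachability {
    param([string]$Suffix)
    # NLA locates a DC through the LDAP SRV record and then talks LDAP to it.
    # If either step fails over the tunnel, the adapter stays Public/Unidentified.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Suffix" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) {
        return [pscustomobject]@{ SrvResolved = $false; DomainController = $null; LdapReachable = $false }
    }
    $dc  = ($srv | Select-Object -First 1).NameTarget
    $tcp = Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue
    [pscustomobject]@{ SrvResolved = $true; DomainController = $dc; LdapReachable = $tcp.TcpTestSucceeded }
}

function Invoke-NlaReevaluation {
    # Scripted form of the poster's workaround. Bouncing any adapter makes NLA
    # re-classify all interfaces; restarting the Network Location Awareness service
    # (NlaSvc) has the same effect without dropping the tunnel. -Force also restarts
    # services that depend on NlaSvc (assumption: acceptable on a client workstation).
    Restart-Service -Name NlaSvc -Force
    Start-Sleep -Seconds 10
}

function Assert-DomainProfile {
    param([string]$Alias, [string]$Suffix)
    $before = Get-VpnProfile -Alias $Alias
    if (-not $before) {
        Write-Warning "No connection profile found for adapter '$Alias'. Is the VPN up?"
        return
    }
    Write-Host "Before: $($before.InterfaceAlias) -> $($before.NetworkCategory)"
    if ($before.NetworkCategory -eq 'DomainAuthenticated') { return }

    # Explain *why* NLA may have given up before poking it again.
    $reach = Test-DomainReachability -Suffix $Suffix
    Write-Host "SRV resolved: $($reach.SrvResolved); DC: $($reach.DomainController); LDAP/389: $($reach.LdapReachable)"
    if (-not $reach.SrvResolved -or -not $reach.LdapReachable) {
        Write-Warning 'NLA cannot reach a DC over the tunnel; fix DNS/LDAP reachability first.'
        return
    }

    Invoke-NlaReevaluation
    $after = Get-VpnProfile -Alias $Alias
    Write-Host "After:  $($after.InterfaceAlias) -> $($after.NetworkCategory)"

    # Show whether the Domain profile is actually enforced now.
    Get-NetFirewallProfile -Name Domain | Select-Object Name, Enabled, DefaultInboundAction
}

Assert-DomainProfile -Alias $VpnAdapterAlias -Suffix $DomainSuffix
```

If the SRV lookup succeeds but TCP 389 fails, the cause is usually a firewall policy on the FortiGate or the DC rather than the client; NLA never classifies an interface as domain without an LDAP bind, so no amount of restarting NlaSvc will help until that path is open. The script deliberately uses `Restart-Service` rather than `Set-NetConnectionProfile`, because the latter can only switch between Public and Private; DomainAuthenticated is assigned solely by NLA.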

tweber
New Contributor

I know this is an old thread, but did you ever get this figured out? Going through this now with both 7/10 clients and have thrown a few things at it so far to include NLA being set to delayed status and adding NegativeCachePeriod registry keys.