Hot!FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN

Page: 12 > Showing page 1 of 2
Author
gsi_mhorn
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/01/14 07:16:19
  • Status: offline
2016/01/14 07:25:33 (permalink)
0

FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN

I have several computers running Windows 10 with FortiClient version 5.4.0.0780.  We are a consulting company and connect to one of our clients using an SSL VPN with the FortiClient per their IT Department.  When connecting to the VPN, the connection appears to complete successfully but when once the connection is established, all network connectivity is lost.  While connected you cannot reach anything on the internet by IP or DNS name nor anything on the other end of the VPN tunnel by IP or DNS name.  You can ping the local IP address you are assigned by the VPN server.  As soon as you disconnect from the VPN session your local network connectivity is restored.  
 
I have read through the documentation and we are not connected to any other VPN clients when this happens.  We also do not have the Cisco VPN Client installed which is known to conflict with the Forticlient.   IPv6 was disabled during testing just to rule that out. 
 
Has anyone else experienced this issue and have a work around?  Since we don't own a Fortinet product and are just using the free Forticlient, I'm not able to open a ticket with support. 
 
Thanks for any assistance in advance!
Matt
#1

27 Replies Related Threads

    Terry@dci
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/01/11 10:11:22
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/01/14 07:53:20 (permalink)
    0
    Not sure why you're having an issue with the IPs at your client. Are they not "pingable"?
     
    As far as Internet and Local LAN access, the IT Department at your client has configured their Fortinet to disallow traffic outside of the client network, meaning that your consultants local LAN and Internet access out have been disabled when connected to the client via VPN. In order to get that changed, you will need to request that your client's IT department enable traffic outside their network.
     
    This is not something you change, sorry.
    post edited by Terry@dci - 2016/01/14 07:54:42
    #2
    rwpatterson
    Expert Member
    • Total Posts : 8310
    • Scores: 183
    • Reward points: 0
    • Joined: 2006/08/08 10:08:18
    • Location: Long Island, New York, USA
    • Status: online
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/01/14 09:41:59 (permalink)
    0
    The property you are describing is called split tunneling, where VPN traffic goes to your client's network while all other traffic is routed normally. That needs to be set up by the client's IP staff as stated by [link=mailto:Terry@dci]Terry@dci[/link]. They may have that in place for a reason. You'll have to work with them, since it's their firewall, Fortinet won't talk to you.

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.19-b0694
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #3
    gsi_mhorn
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/01/14 07:16:19
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/01/14 10:11:30 (permalink)
    0
    Thank you for the reply.  I should add that the problem I'm having is not that split tunneling is blocking my internet and local traffic.  The problem is when I'm connected to the VPN, no traffic is routing (no LAN, no Internet, no remote networks).  My work around for this is to use a Windows 7 VM and when connected using the same version of the Forticlient, I have no issues.  While connected to the VPN on the Windows 7 VM, I can reach my LAN, Internet, and remote networks on the other side of  the tunnel.  It seems to be something specific to Windows 10.  Sorry if I didn't make that more clear in my initial post. 
    #4
    gsi_mhorn
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/01/14 07:16:19
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/01/19 05:44:37 (permalink)
    0
    Thank you for the reply.  I should add that the problem I'm having does not appear to be that split tunneling is blocking my internet and local traffic.  The problem is when I'm connected to the VPN, no traffic is routing (no LAN, no Internet, no remote networks).  My work around for this is to use a Windows 7 VM and when connected using the same version of the Forticlient, I have no issues so I don't think it's a server side configuration.  While connected to the VPN on the Windows 7 VM, I can reach my LAN, Internet, and remote networks on the other side of  the tunnel.  It seems to be something specific to Windows 10.  Sorry if I didn't make that more clear in my initial post.  Do you have any other suggestions?
    #5
    Aggromonster
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/01/20 06:32:46
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/01/20 06:36:27 (permalink)
    0
    I have a similar and potentially related problem.

    I am attempting to connect to a client running a Fortinet Firewall.  The connection is made successfully, but I cannot reach any resource on their network.  I cannot even ping the IP of the DNS servers registered with the connection.
    Installing the Fortinet VPN client on a Windows 8.2 machine, it connects and network resources are available.

    I do have the Cisco VPN client installed but not active during the connection.  Have tried this on multiple Windows 10 machines (with differing levels of updates) with no success.
     
    Any resolution suggestions?  I also am not a Fortinet client and cannot create a support ticket.
    #6
    Aggromonster
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/01/20 06:32:46
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/01/20 06:39:34 (permalink)
    0
    I am having a similar problem as well.  VPN SSL client connects, but no resources on the remote network are available.  Could not ping the IP addresses of the DNS servers registered with the connection.
     
    Using a Windows 8.1 machine, the VPN client works as expected.  Connects and resources are available.  Tried this from multiple Windows 10 machines withe the same result on each.
    #7
    JohnAgora
    Silver Member
    • Total Posts : 94
    • Scores: 7
    • Reward points: 0
    • Joined: 2015/10/14 11:43:36
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/01/20 11:08:40 (permalink)
    0
    Have you check your windows network setting? Default gateway, etc.?
    If everything looks fine some diagnose debug flow will help (on the firewall), if nothing relevant appears, try a wireshark from your Windows 10 (to see where the traffic is going).
    #8
    xjkrcx
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2013/05/22 08:20:36
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/03/23 04:17:14 (permalink)
    0
    Did any one get a solution to this?  I'm encountering the same issue - the client connects but no remote resources are accessible.  Happening on Windows 10 and 8.1.  Windows 7 clients are fine, including a 7 VM running on 10.
    #9
    cmpan88_FTNT
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/04/08 13:48:40
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/04/20 10:28:10 (permalink)
    0
    Do have have Dell VPN or DNE is installed on the same machine?   Those drivers might be conflicting.   You may remove them to verify the issue.
    #10
    Chris.Lin_FTNT
    Gold Member
    • Total Posts : 310
    • Scores: 35
    • Reward points: 0
    • Joined: 2012/11/19 14:12:49
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/04/21 10:35:51 (permalink)
    0
    FortiClient SSL windows app for Windows 10 is available now. It may worth a try.
    #11
    brycedwhite
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/04/30 05:58:51
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/05/01 10:45:16 (permalink)
    0
    The FortiClient SSL app in the Windows Store does indeed connect to the VPN host, but only after I installed a proper SSL cert on the Fortigate 100D.  So now I can connect, but no traffic is routing to the remote netwotk.
     
    #12
    brycedwhite
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/04/30 05:58:51
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/05/01 10:48:50 (permalink)
    0
    I should add that I have other Windows 10/7 and Mac clients that work just fine.
    #13
    Chris.Lin_FTNT
    Gold Member
    • Total Posts : 310
    • Scores: 35
    • Reward points: 0
    • Joined: 2012/11/19 14:12:49
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/05/02 07:42:56 (permalink)
    0
    brycedwhite
    The FortiClient SSL app in the Windows Store does indeed connect to the VPN host, but only after I installed a proper SSL cert on the Fortigate 100D.  So now I can connect, but no traffic is routing to the remote netwotk.
     


    Could you check if the route, dns etc. are correct? Did you verify the traffic by sniffer on FortiGate?
    #14
    brycedwhite
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/04/30 05:58:51
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/05/02 08:39:52 (permalink)
    0
    Chris.Lin
    brycedwhite
    The FortiClient SSL app in the Windows Store does indeed connect to the VPN host, but only after I installed a proper SSL cert on the Fortigate 100D.  So now I can connect, but no traffic is routing to the remote netwotk.
     


    Could you check if the route, dns etc. are correct? Did you verify the traffic by sniffer on FortiGate?


    Hi Chris,  I have not checked anything on the Fortigate as I'm not real comfortable messing around with the unit.  I can tell you, however, that I have dozens of Windows 7 PCs and a handful of Windows 10 and Macs that have been connecting and accessing resources for a couple of years - never seen this situation before.
    #15
    jppataki
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/05/13 10:50:31
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/06/06 10:58:12 (permalink)
    0
    I have the same problem in ONE machine, I have at least 10 machines with Windows 10 (various builds) working fine but the last installs it started to have this problem.

    The Store Forticlient doesn't work either in that machine... all the other machines from XP to 10 work fine. Reinstall doesn't fix it either. 
    I have no clues whatsoever 
     
     
    #16
    scerazy
    Gold Member
    • Total Posts : 155
    • Scores: 2
    • Reward points: 0
    • Joined: 2009/12/22 14:09:01
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/07/06 05:01:03 (permalink)
    0
    On various W10 machines SSL VPN client works fine. Recently on some machines, DNS stopped resolving (from internal LAN as specifies in SSL VPN setup) & routing stopped.
    Worked on one machine remotely, reset Policies on Fortigate & routing kicked in (no idea how or why)
     
    But DNS does not resolve (there ARE correct DNS servers in ipconfig) Noticed that as soon as SSL VPN client connects, DNS service gets set to disabled!
    Re-enabling it & starting makes no difference, DNS resolution still does NOT happen for internal hosts, (split tunneling works which means external host resolution works)
     
    Only managed to get this client working, by adding entries to local hosts file (far from ideal)
    #17
    rjkantor
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/07/20 11:41:29
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/07/22 05:02:59 (permalink)
    0
    Hello.  I too have a windows 10 pro installation and I am able to make the vpn connection, but I am unable to ping or access resources within my network.  Has a solution to this issue been found?  I am using the 5.4 version of the fortinet client.  Everything looks good and the same machine worked under windows 7 with the v4 version of the forticlient.
     
    Any and all assistance is greatly appreciated.
     
    Robb
    #18
    xjkrcx
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2013/05/22 08:20:36
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/07/22 05:35:14 (permalink)
    0
    We ended up resolving this by realizing there was a conflict between Forticlient and Sonicwall Global VPN client. Removing the GVC enabled Forticlient to behave normally.
    #19
    rjkantor
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/07/20 11:41:29
    • Status: offline
    Re: FortiClient 5.4 on Windows 10 Connects but does not route Traffic over SSL VPN 2016/07/22 06:02:25 (permalink)
    0
    Yes, we discovered the same.  Is there a way for both VPN clients to coexist?  Otherwise, I will have to setup a Virtual OS for my sonicwall client.
     
     
    xjkrcx
    We ended up resolving this by realizing there was a conflict between Forticlient and Sonicwall Global VPN client. Removing the GVC enabled Forticlient to behave normally.




    #20
    Page: 12 > Showing page 1 of 2
    Jump to:
    © 2019 APG vNext Commercial Version 5.5