Apologies for my very newbie status but we've been asked to provide support on an existing Fortinet system for one precise issue.
Our clients use FortiClient 6.0.8.0621 to connect to a Fortinet VPN server in Location B. Location B also has a leased line connection to Location A. Location A and Location B are on two different IP ranges. When a user connects their laptop to the VPN and prints to their Location A networked printer from home, it works. When they shut their laptop (without powering down) and go to Location A, their printer does not work and they have to restart their laptop. After the restart, it does work.
At the moment, we're telling everyone to restart their laptops between locations but surely there is a solution to this. Please let me know what additional information I should supply to help.
I'd guess that it's not the power state which causes this, but rather not shutting down the tunnel before moving. When opening a tunnel, routes for the private networks behind the tunnel are inserted into Windows. You can check this with "route print" on the command line in Windows.
Most probably, there is a route to the network at site A behind the VPN tunnel. If the user now moves to site A, without closing the tunnel, his notebook still sends traffic to the tunnel, instead of to the site A network directly. The tunnel will not function at site A anyway.
So, your advice would be to close FortiClient first, then move around. "Inhouse VPN connection" is IMHO never a good idea.
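One way to test the stale-route explanation in the reply above, as an added example that is not part of the original thread: it parses saved `route print` output and reports whether traffic to a given printer would still leave through the VPN adapter. All addresses, the sample table and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of the IPv4 section of `route print`, taken on-site at A.
# Made-up addressing: 10.1.0.0/16 = site A LAN, 10.212.134.200 = VPN adapter.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.1.0.1       10.1.5.23     25
         10.1.0.0      255.255.0.0         On-link        10.1.5.23    281
        10.1.20.0    255.255.255.0   10.212.134.201  10.212.134.200      1
   10.212.134.200  255.255.255.255         On-link   10.212.134.200    257
===========================================================================
Persistent Routes:
  None
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each active IPv4 route."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue  # headers, separators and IPv6 rows have other shapes
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            iface = ipaddress.ip_address(f[3])
            metric = int(f[4])
        except ValueError:
            continue  # five tokens, but not a route row
        routes.append((net, f[2], iface, metric))
    return routes

def best_route(routes, dest):
    """Select as Windows does: longest matching prefix, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3])) if matches else None

def stale_tunnel_route(text, dest, vpn_iface):
    """True if traffic to dest would leave via the VPN adapter address."""
    r = best_route(parse_routes(text), dest)
    return r is not None and r[2] == ipaddress.ip_address(vpn_iface)

if __name__ == "__main__":
    for printer in ("10.1.20.50", "10.1.5.99"):
        print(printer, stale_tunnel_route(SAMPLE, printer, "10.212.134.200"))
```

In the sample, the leftover /24 route via the VPN adapter wins over the on-link /16 for the first printer, which is the condition the reply describes.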
Thanks for that - it's still strange though, I clear the print route cache and yet I have a user unable to print to a particular printer. He can ping it, he can get onto its web interface, it definitely works but he can't print to it - it simply shows as offline, even after clearing the ARP cache and restarting the print spooler.
I've formally advised all remote users to quit FortiClient on finishing their VPN sessions. That hopefully will minimise the incidents. Thanks again.
An update - we decided that it would be better to have all Location B users have their own VPN endpoint on site and so set it up and connected a few test accounts to it.
Astonishingly, the exact same thing is happening - users lose their connection to all printers. I could understand it being an issue at one site with the tunnel issue but to happen at both, with local users unable to reach any printers, that suggests the software is doing something very strange with routing. We've used Cisco VPN software and Microsoft's own for literally two decades and never had this as a problem.
Should we just give up on Fortinet? Our end users are very unhappy with their experience of it so far.