Hot!Windows Clients Registering Home Router Adapter Assigned IP in DNS

Author
isamt
Bronze Member
  • Total Posts : 48
  • Scores: 2
  • Reward points: 0
  • Joined: 2017/12/29 01:52:35
  • Status: offline
2020/11/01 04:04:15 (permalink)
0

Windows Clients Registering Home Router Adapter Assigned IP in DNS

I have vpn users running both Win8.1 and Win10.
Forticlient version is 6.0.10, managed by EMS server
 
Clients run SSL vpn and IPSec connections.
 
On the EMS server there is a setting 'Prefer SSL VPN DNS'
If unchecked, SSL clients only register the Vpn IP address in DNS.
With it checked, SSL clients also register their home router IP address.
 
Question, for IPSec connections is there a similar setting that performs the same behaviour?
We don't want IPSec users home IP addresses registering within DNS.
 
Thanks
post edited by isamt - 2020/11/01 04:06:15
#1

5 Replies Related Threads

    isamt
    Bronze Member
    • Total Posts : 48
    • Scores: 2
    • Reward points: 0
    • Joined: 2017/12/29 01:52:35
    • Status: offline
    Re: Windows Clients Registering Home Router Adapter Assigned IP in DNS 2020/11/19 12:24:43 (permalink)
    0
    Raised a ticket on Fortinet for this.
     
    Fortinet's response:
     
    The issue is reported in 0659906 FortiClient IPSec VPN connected clients register local adapters IP to DNS-server, causing FSSO and client traffic to fail.

    The issue is under the developer's investigation.
    #2
    bmduncan34
    Bronze Member
    • Total Posts : 43
    • Scores: 2
    • Reward points: 0
    • Joined: 2017/07/05 10:33:11
    • Status: offline
    Re: Windows Clients Registering Home Router Adapter Assigned IP in DNS 2020/11/25 10:49:23 (permalink)
    0
    I am having the same problem.  Any update on this?
    #3
    isamt
    Bronze Member
    • Total Posts : 48
    • Scores: 2
    • Reward points: 0
    • Joined: 2017/12/29 01:52:35
    • Status: offline
    Re: Windows Clients Registering Home Router Adapter Assigned IP in DNS 2020/11/26 01:11:11 (permalink)
    0
    Fortinet have marked my ticket 'Pend Bug Fix'
    No further updates have been added as yet.
    #4
    thungo1604
    New Member
    • Total Posts : 2
    • Scores: 2
    • Reward points: 0
    • Joined: 2020/12/04 03:18:45
    • Status: offline
    Re: Windows Clients Registering Home Router Adapter Assigned IP in DNS 2020/12/04 03:25:12 (permalink)
    5 (1)
    Hi,
    We had the same problem here. This problem is resolved now. To resolve it, weve modified a key in the windows registry.
    This is the key to modify: HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient\Sslvpn\NoDnsRegistration. You have to enter a value of 2.
    Since we did that, no more problem with odd DNS registration. The only IP address assigne to the DNS entry is the VPN SSL one.
    It works for us, maybe you should try it!
    #5
    isamt
    Bronze Member
    • Total Posts : 48
    • Scores: 2
    • Reward points: 0
    • Joined: 2017/12/29 01:52:35
    • Status: offline
    Re: Windows Clients Registering Home Router Adapter Assigned IP in DNS 2020/12/04 03:59:51 (permalink)
    0
    Hello thungo1604,
     
    Thanks for the registry key.
    I'm assuming this is what is updated with 'Prefer SSL VPN DNS' unchecked in the EMS server.
    I already stated that with this unchecked, SSL clients only register their assigned Vpn IP in DNS which is fine.
    My problem is that there is no equivalent setting for IPSec Vpn clients. They always register both their assigned Vpn IP plus the users home router assigned IP in the Corporate DNS server.
     
    Fortinet have identified this as a bug and advise they are testing their fix in 6.4 version of the client.
     
    If there is a registry key that stops IPSec clients registering home IP's in DNS then let us know.
     
    That is something I could maybe try!
    #6
    Jump to:
    © 2021 APG vNext Commercial Version 5.5