FortiClient
kbotah
Staff
Article Id 193023

Description

By default, SSL VPN on Microsoft Windows hosts disables the "WinDnsCacheService" service when the tunnel is up and enables it again after the tunnel is shut down. For setups that require the DNS Client service while still connected to SSL VPN, the following registry modification can be made to override the default behavior.


Scope

FortiClient, Standalone SSL VPN Client


Solution

The status of the DNS client service can be verified by running the commands "services.msc" or "msconfig".
FortiClient users:
FortiClient 5.2.3 and newer:

In FortiClient 5.2.3, a new XML tag named "dnscache_service_control" has been added to the FortiClient configuration file. Any value (0, 1, 2, 3) entered there is written to the SSLVPN registry value named "WinDnsCacheService", so there is no need to modify the registry manually. However, this feature is not supported on hosts running Windows XP.

        <sslvpn>
            <options>
                <enabled>1</enabled>
                <dnscache_service_control>0</dnscache_service_control>
                <!--0=disable dnscache, 1=do not touch dnscache service, 2=restart dnscache service, 3=sc control dnscache paramchange-->
            </options>
        </sslvpn>
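
To confirm which behavior a given configuration will apply before it is deployed, the tag can be read back from an exported configuration and compared with the four documented values. The script below is an added example, not part of the original article or Fortinet code; the function name `Get-DnsCacheControl` and the sample XML are constructed for illustration, and it assumes the configuration is available as XML text.

```powershell
# Added example, not Fortinet code. Get-DnsCacheControl and $sample are constructed.
$Meaning = @{
    '0' = 'disable dnscache'
    '1' = 'do not touch dnscache service'
    '2' = 'restart dnscache service'
    '3' = 'sc control dnscache paramchange'
}

function Get-DnsCacheControl {
    param([Parameter(Mandatory)][string]$XmlText)

    $doc = [xml]$XmlText    # throws if the export is not well-formed XML
    # Match the tag wherever the <sslvpn> block sits in the export.
    $nodes = @($doc.SelectNodes('//sslvpn/options/dnscache_service_control'))

    if ($nodes.Count -eq 0) {
        return [pscustomobject]@{ Value = $null; Finding = 'tag not present' }
    }
    if ($nodes.Count -gt 1) {
        return [pscustomobject]@{ Value = $null; Finding = "tag appears $($nodes.Count) times" }
    }
    $value = $nodes[0].InnerText.Trim()
    if (-not $Meaning.ContainsKey($value)) {
        return [pscustomobject]@{ Value = $value; Finding = 'invalid: expected 0, 1, 2 or 3' }
    }
    [pscustomobject]@{ Value = $value; Finding = $Meaning[$value] }
}

# Constructed sample mirroring the fragment shown in this article.
$sample = @'
<sslvpn>
    <options>
        <enabled>1</enabled>
        <dnscache_service_control>0</dnscache_service_control>
    </options>
</sslvpn>
'@

Get-DnsCacheControl -XmlText $sample

# Current state of the Windows DNS Client service (service name: Dnscache).
Get-Service -Name Dnscache -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status
```

For a real export, pass the file contents read with `Get-Content -Raw` as `-XmlText`.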


