FortiClient
jsorensen
Staff
Article Id 193504

Description
This article explains how to maintain Internet access during IPSec SA negotiation for a Dialup FortiClient VPN. Maintaining this access may be necessary in some scenarios, such as email two-factor authentication.

 

Scope
FortiClient


Solution
By default, FortiClient blocks Internet traffic during the IPSec SA negotiation. If you are using email two-factor authentication, you will be unable to receive the email on the connecting computer and will need another device to receive it.

To allow Internet traffic to pass during the IPSec SA negotiation (so that the connecting computer can receive the email), change the value of the <implied_SPDO> tag in the FortiClient XML configuration file from 0 to 1.

Change the tag to:
<implied_SPDO>1</implied_SPDO>

The tag is located under:


<ipsecvpn>
    <connections>
        <connection>
            <ike_settings>
                <implied_SPDO>1</implied_SPDO>
            </ike_settings>
        </connection>
    </connections>
</ipsecvpn>

***This option is available in FortiClient 5.2 and later.***
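
The change described above can be applied and audited per connection, so that Internet traffic during negotiation is allowed only on the VPN connections that need it. The following is an added example, not Fortinet's code: it works on a configuration file parsed as XML, and the `<name>` child, the `<config>` wrapper, the connection names and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the elements named in the article, plus an assumed
# <name> child and a made-up <config> wrapper. Not a real FortiClient export.
SAMPLE = """<config><ipsecvpn><connections>
  <connection><name>hq-dialup</name>
    <ike_settings><implied_SPDO>0</implied_SPDO></ike_settings>
  </connection>
  <connection><name>lab-dialup</name>
    <ike_settings/>
  </connection>
</connections></ipsecvpn></config>"""

def load(text):
    return ET.fromstring(text)

def _connections(root):
    # Path from the article: ipsecvpn > connections > connection
    for vpn in root.iter("ipsecvpn"):
        yield from vpn.findall("connections/connection")

def audit(root):
    """Map connection name -> implied_SPDO text (None when the tag is absent)."""
    return {c.findtext("name", "?"): c.findtext("ike_settings/implied_SPDO")
            for c in _connections(root)}

def set_implied_spdo(root, value, only=None):
    """Set implied_SPDO on the named connections (all if only is None).
    Returns the names whose value actually changed."""
    if value not in ("0", "1"):
        raise ValueError("implied_SPDO must be '0' or '1'")
    changed = []
    for c in _connections(root):
        name = c.findtext("name", "?")
        ike = c.find("ike_settings")
        if ike is None or (only is not None and name not in only):
            continue
        tag = ike.find("implied_SPDO")
        if tag is None:  # tag missing: create it under ike_settings
            tag = ET.SubElement(ike, "implied_SPDO")
        if (tag.text or "").strip() != value:
            tag.text = value
            changed.append(name)
    return changed

if __name__ == "__main__":
    root = load(SAMPLE)
    print("before:", audit(root))
    print("changed:", set_implied_spdo(root, "1", only={"hq-dialup"}))
    print("after:", audit(root))
```

Running `audit` over deployed configurations also shows which connections already have the setting enabled.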
