hbac
Staff
Article Id 311764
Description This article describes an issue where the internet connection drops during the IPsec negotiation when users connect to a dial-up IPsec tunnel from FortiClient.
Scope FortiOS, FortiClient.
Solution

This is default behavior: FortiClient blocks all outbound non-IKE traffic during the IPsec negotiation. This can be an issue if the user's computer is accessed remotely.

 

To allow outbound non-IKE traffic during the negotiation, it is necessary to modify the XML file of the FortiClient.

If FortiClient is managed by EMS, an XML file can be configured on the EMS. For unmanaged/free FortiClient, follow the steps below:

  1. Back up the FortiClient configuration to a file. Remember the password because it will be necessary when restoring the configuration file later.

  2. Edit the backup configuration file in Notepad. In this example, the dial-up IPsec VPN connection is named 'Dialup'. Change the <implied_SPDO> value to 1 and <implied_SPDO_timeout> to 60.

  3. Save the configuration file and restore it on FortiClient. If the restore button is greyed out, select the padlock on the top right to unlock. Restore using the same password from step 1.
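The edit in step 2 can also be scripted so that only the intended connection is changed and the before/after values are recorded. This Python sketch is an added example, not Fortinet's code; the element nesting (<ipsecvpn>, <connection>, <name>, <ike_settings>) in the constructed sample and the function names are assumptions to check against your own backup file.

```python
import xml.etree.ElementTree as ET

# Constructed sample backup; the element nesting is an assumption, not a real export.
SAMPLE_BACKUP = """<forticlient_configuration>
  <vpn><ipsecvpn><connections>
    <connection>
      <name>Dialup</name>
      <ike_settings>
        <implied_SPDO>0</implied_SPDO>
        <implied_SPDO_timeout>0</implied_SPDO_timeout>
      </ike_settings>
    </connection>
    <connection>
      <name>Other</name>
      <ike_settings><implied_SPDO>0</implied_SPDO></ike_settings>
    </connection>
  </connections></ipsecvpn></vpn>
</forticlient_configuration>"""


def set_implied_spdo(xml_text, connection_name, enabled=1, timeout=60):
    """Set both values on exactly one named IPsec connection; return (xml, changes)."""
    root = ET.fromstring(xml_text)
    matches = [c for vpn in root.iter("ipsecvpn") for c in vpn.iter("connection")
               if (c.findtext("name") or "").strip() == connection_name]
    if len(matches) != 1:  # refuse to guess when the name is missing or duplicated
        raise ValueError(f"{len(matches)} IPsec connections named {connection_name!r}")
    ike = matches[0].find("ike_settings")
    if ike is None:
        raise ValueError("connection has no <ike_settings> element")
    changes = {}
    for tag, value in (("implied_SPDO", enabled), ("implied_SPDO_timeout", timeout)):
        node = ike.find(tag)
        if node is None:  # element absent from the backup: create it
            node = ET.SubElement(ike, tag)
        changes[tag] = (node.text, str(value))  # (before, after) for review
        node.text = str(value)
    return ET.tostring(root, encoding="unicode"), changes


def audit(xml_text):
    """Map each connection name to its implied_SPDO value to confirm the edit's scope."""
    root = ET.fromstring(xml_text)
    return {c.findtext("name"): c.findtext("ike_settings/implied_SPDO")
            for c in root.iter("connection")}


if __name__ == "__main__":
    new_xml, changes = set_implied_spdo(SAMPLE_BACKUP, "Dialup")
    print(changes, audit(new_xml))
```

Comparing the audit output before and after the edit confirms that the relaxed setting applies to 'Dialup' only and that every other connection keeps blocking non-IKE traffic during negotiation.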

 

Note:

For more information about the <implied_SPDO> and <implied_SPDO_timeout> values, refer to IKE settings.
