Description | This article describes an issue when users connect to a dial-up IPsec tunnel from FortiClient, the internet connection drops during the IPsec negotiation. |
Scope | FortiOS, FortiClient. |
Solution |
It is a default behavior as FortiClient blocks all outbound non-IKE traffic during the IPsec negotiation. This can be an issue if the user's computer is accessed remotely.
To allow outbound non-IKE traffic during the negotiation, it is necessary to modify the XML file of the FortiClient. If FortiClient is managed by EMS, an XML file can be configured on the EMS. For unmanaged/free FortiClient, follow the steps below:
Note: For more information about <implied_SPDO> and <implied_SPDO_timeout> value, refer to IKE settings |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.