Non-Split DNS SSL-VPN super slow to establish

Hi guys,

We have two SSL-VPNs going on. One with Split DNS and the other Non-Split. Apart from their DNS settings, both are exactly the same.

That said, the Non-Split DNS connects as quickly, through FortiClient, but it can take up to a minute before you can resolve and connect to any resources on the network, as opposed to the split DNS, which allows you to RDP to a server 2-3 seconds after the VPN connects.

What do you think could cause this?

the Non-Split DNS connects as quickly, through FortiClient, but it can take up to a minute before you can resolve and connect to any resources on the network

Is this only with RDP or are other things affected?

I’ve seen similar behavior in cases where the DNS resolution and/or tunneled internet access for the VPN client is being restricted or blocked. Things like failing to resolve or access Online Certificate Status Protocol sites to verify TLS certificates used in the RDP process are an example.

For short term testing, remove the restrictions and open DNS and internet access for a test client. If I needed to severely restrict VPN client traffic, then I’d sniff the client’s traffic and see what was timing out and needed to be allowed.
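One way to do the "sniff the client's traffic and see what was timing out" step for DNS, as an added example that is not part of the original posts: it reads a text capture and lists queries that were answered slowly or never answered, grouped by the DNS server they were sent to. It assumes the capture was saved as `tcpdump -n` text output; the function name `find_dns_stalls` is hypothetical and the sample lines, addresses and hostnames are constructed.

```python
import re
from datetime import datetime

# Constructed capture text in `tcpdump -n` format; all addresses and names are made up.
SAMPLE = """\
12:00:01.000000 IP 10.212.134.200.53211 > 10.0.0.10.53: 4242+ A? dc01.corp.example. (35)
12:00:01.020000 IP 10.0.0.10.53 > 10.212.134.200.53211: 4242 1/0/0 A 10.0.0.5 (51)
12:00:02.000000 IP 10.212.134.200.53212 > 192.0.2.53.53: 5150+ A? ocsp.ca.example. (33)
12:00:07.000000 IP 10.212.134.200.53212 > 192.0.2.53.53: 5150+ A? ocsp.ca.example. (33)
12:00:12.000000 IP 10.212.134.200.53213 > 10.0.0.10.53: 6001+ A? ocsp.ca.example. (33)
12:00:14.500000 IP 10.0.0.10.53 > 10.212.134.200.53213: 6001 1/0/0 A 198.51.100.7 (49)
"""

# Query: client.port > server.53: txid[flags] TYPE? name
QUERY = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.53: (\d+)\S*(?: \[\S+\])? (\w+)\? (\S+)")
# Reply: server.53 > client.port: txid ...
REPLY = re.compile(r"^(\S+) IP (\S+)\.53 > (\S+)\.(\d+): (\d+)")

def _ts(text):
    return datetime.strptime(text, "%H:%M:%S.%f")

def find_dns_stalls(capture_text, slow_after=1.0):
    """Return (server, name, status, seconds) for slow or unanswered DNS queries."""
    pending = {}   # (client, port, server, txid) -> (first_seen, name)
    findings = []
    for line in capture_text.splitlines():
        q = QUERY.match(line)
        if q:
            ts, client, port, server, txid, _qtype, name = q.groups()
            # Retransmissions reuse the key, so latency is measured from the first attempt.
            pending.setdefault((client, port, server, txid), (_ts(ts), name))
            continue
        r = REPLY.match(line)
        if r:
            ts, server, client, port, txid = r.groups()
            sent = pending.pop((client, port, server, txid), None)
            if sent:
                delay = (_ts(ts) - sent[0]).total_seconds()
                if delay >= slow_after:
                    findings.append((server, sent[1], "slow", delay))
    # Anything still pending at the end of the capture never got a reply.
    for (_c, _p, server, _t), (_first, name) in pending.items():
        findings.append((server, name, "unanswered", None))
    return findings

if __name__ == "__main__":
    for finding in find_dns_stalls(SAMPLE):
        print(finding)
```

Comparing the server column between a split-DNS and a non-split-DNS session shows which resolver the client is waiting on during the slow first minute.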

Everything is affected. Can’t ping, can’t RDP, I cannot access any internal resources for that time.

Regarding your suggestion, there are no restrictions. Like I said, it’s the exact same SSL-VPN except that this one uses non-split DNS.