Features
Feature |
Description |
|
---|---|---|
SSL VPN (tunnel mode) |
SSL VPN in tunnel mode supports the following:
FortiClient iOS does not support SSL VPN resiliency. |
|
Web Filter |
FortiClient iOS supports all browser traffic. |
|
Zero Trust Telemetry |
Connect to FortiGate and EMS for central management. |
|
|
mobileconfig |
Use the mobileconfig file to preconfigure a Zero Trust Telemetry preferred host. Once FortiClient starts, it uses this preferred host to connect. |
FortiAnalyzer support
|
Send logs to FortiAnalyzer when configured from FortiClient EMS. See the FortiClient EMS Administration Guide. |
SSL DNS server for split tunnel
To use the SSL DNS server for split tunnel, you must configure the DNS suffix on the FortiGate side. Following is an example of configuring SSL DNS server for split tunnel using FortiOS:
config vpn ssl settings
set dns-suffix
"domain1.com;domain2.com;domain3.com;domain4.com;domain5.com;domain6.com;domain7.com;domain8.com"
set dns-server1 10.10.10.10
set dns-server2 10.10.10.11
end
config vpn ssl web portal
edit "full-access"
set dns-server1 10.10.10.10
set dns-server2 10.10.10.11
set split-tunneling enable
next
end
If you configure the split tunnel, only DNS requests that match DNS suffixes use the DNS servers configured in the VPN. Due to iOS limitations, the DNS suffixes are not used for search as in Windows. Using short (not fully qualified domain name (FQDN)) names may not be possible. |