SETTING UP DNS SUFFIX .
If your users connect to a Forigate firewall using Forticlient SSL VPN and you are using internal DNS servers for DNS resolution, you might expect your users to be able to resolve names of devices on your network. However, this will not work unless you configure your local DNS suffix.
Example: DNS suffix for your local domain is “mycompany.local”
Run this command in Fortigate CLI to allow your Forticlient SSL VPN users to resolve names of devices on your local network
config vpn ssl settings set dns-suffix mycompany.local end
FORTICLIENT SSL VPN RANDOMLY DISCONNECTS
Your Forticlient SSL VPN users might experience frequent disconnects, even if “Always On” check box is checked in Forticlient’s login window.
Here is configuration that works
config vpn ssl settings set auth-timeout 259200 set idle-timeout 259200 end
Note: timeout is in seconds , so 259200 seconds is 72 hours. You might want to decrease it as you see fit. We normally set it up for 8 hours or 28800 seconds. This prevents users from just leaving VPN on overnight.