This article describes how to manually disconnect the VPN on end-user Forticlient since by default there is always a continuous SSL VPN connection with FortiSASE.
Scope
FortiSASE.
Solution
The user remains registered and maintains a continuous SSL VPN connection with FortiSASE, seamlessly preventing manual disconnection or endpoint unregistration from FortiClient. Even in the event of occasional disruptions, the client will proactively initiate automatic reconnection attempts, ensuring persistent and uninterrupted VPN access
It is possible to modify this default behavior from the FortiSASE portal. Adjust the client connection settings according to the preferences by following these steps:
- To prevent persistent SSL connections, go to Configuration -> Profile, access the FortiSASE portal, and verify that ‘Auto Connect to FortiSASE SIA’ is turned off. By disabling this option, it ensures that in the event of an interruption in SSL VPN connectivity, such as client reboots or other failures, FortiClient will not initiate automatic reconnection, offering more control over the VPN connection behavior.
- To enable clients to disconnect from SSL VPN, go to Configuration -> Profile, access the FortiSASE portal, and confirm that ‘Force Always On VPN’ is turned off. Users can disconnect from the SSL VPN at their discretion, and traffic will not be mandated to flow through FortiSASE. It is important to note that this option becomes available only if the preceding ‘Auto Connect’ option is enabled; hence, if the initial option is disabled, this step becomes unnecessary.
When ‘Auto Connect to FortiSASE SIA & Force Always On VPN’ is enabled by default:
It is not possible to see any options to disconnect the VPN:
When ‘Auto Connect to FortiSASE SIA & Force Always On VPN’ is disabled, options to disconnect the VPN are visible.
