My company uses a Fortigate SSL VPN for remote access. The clinet intalls an
ActiveX control to create the VPN Tunnell. This works very differently on
Vista than it does in XP. In XP, the ActX control can be installed easily
from an account with administrative privileges. Once connected, all traffic
flows through the VPN. You minimize the browser, and can use all standard
tools, from ping to remote desktop sessions, and all flows through the VPN.

In Vista, the first issue is that even from an administrative account, you
still need to manually elevate and run IE as an admistrator to both install
the ActX control, as well as to connect to the VPN once the control is
installed. Further, nothing seems to flow through the VPN by default.
Pinging machines on the remote end returns "host unreachable" messages, and
remote desktop sessions just flat out don't work. The VPN itself is
connected, and ipconfig confirms the assigned IP, and DNS settings for it.
Also, though the fortigate VPN itself has some tools that can be used from
the browser, most are disabled, except for ping. Using the ping tool from
the browser (in the admin session, of course) reches the destination fine.

I'm thought this was related to a user rights issue, though I did try to
elevate my RDP session and see if it would work that way, but it did not.
Perhaps something to do with IE's protected mode? I'm almost certain now
that it has something to do with the Vista isolates certain processes and
features.

Any thoughts or potential workarounds?


--
"Hurricane" Andrew
Milford, DE

Not what you want to hear, but it's up to Fortigate to create a
Vista-compatible version of their VPN control. Have you contacted them?

--
Steve Riley

http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Hurricane Andrew" wrote in
message ...
My company uses a Fortigate SSL VPN for remote access. The clinet intalls
an
ActiveX control to create the VPN Tunnell. This works very differently on
Vista than it does in XP. In XP, the ActX control can be installed easily
from an account with administrative privileges. Once connected, all
traffic
flows through the VPN. You minimize the browser, and can use all standard
tools, from ping to remote desktop sessions, and all flows through the
VPN.

In Vista, the first issue is that even from an administrative account, you
still need to manually elevate and run IE as an admistrator to both
install
the ActX control, as well as to connect to the VPN once the control is
installed. Further, nothing seems to flow through the VPN by default.
Pinging machines on the remote end returns "host unreachable" messages,
and
remote desktop sessions just flat out don't work. The VPN itself is
connected, and ipconfig confirms the assigned IP, and DNS settings for it.
Also, though the fortigate VPN itself has some tools that can be used from
the browser, most are disabled, except for ping. Using the ping tool from
the browser (in the admin session, of course) reches the destination fine.

I'm thought this was related to a user rights issue, though I did try to
elevate my RDP session and see if it would work that way, but it did not.
Perhaps something to do with IE's protected mode? I'm almost certain now
that it has something to do with the Vista isolates certain processes and
features.

Any thoughts or potential workarounds?


--
"Hurricane" Andrew
Milford, DE

Yeah, I was afraid of that being the answer. We'll open a ticket with them
today.


--
"Hurricane" Andrew
Milford, DE

"Steve Riley [MSFT]" wrote in message
...
Not what you want to hear, but it's up to Fortigate to create a
Vista-compatible version of their VPN control. Have you contacted them?

--
Steve Riley

http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Hurricane Andrew" wrote in
message ...
My company uses a Fortigate SSL VPN for remote access. The clinet
intalls an
ActiveX control to create the VPN Tunnell. This works very differently
on
Vista than it does in XP. In XP, the ActX control can be installed
easily
from an account with administrative privileges. Once connected, all
traffic
flows through the VPN. You minimize the browser, and can use all
standard
tools, from ping to remote desktop sessions, and all flows through the
VPN.

In Vista, the first issue is that even from an administrative account,
you
still need to manually elevate and run IE as an admistrator to both
install
the ActX control, as well as to connect to the VPN once the control is
installed. Further, nothing seems to flow through the VPN by default.
Pinging machines on the remote end returns "host unreachable" messages,
and
remote desktop sessions just flat out don't work. The VPN itself is
connected, and ipconfig confirms the assigned IP, and DNS settings for
it.
Also, though the fortigate VPN itself has some tools that can be used
from
the browser, most are disabled, except for ping. Using the ping tool
from
the browser (in the admin session, of course) reches the destination
fine.

I'm thought this was related to a user rights issue, though I did try to
elevate my RDP session and see if it would work that way, but it did not.
Perhaps something to do with IE's protected mode? I'm almost certain now
that it has something to do with the Vista isolates certain processes and
features.

Any thoughts or potential workarounds?


--
"Hurricane" Andrew
Milford, DE