Heads up if you have a Windows 11 device with FortiClient (we’ve tested up to v7.2.5) and all of the RSAT Tools for Windows Admins installed, your SSLVPN NIC won’t be assigned an IP when you connect to SSLVPN.
We isolated this to the networking RSAT tools such as for load balancing, etc. So if all you need is ADUC, etc, you should be ok.
We have one user here with this config, as we just upgraded them from W10 to W11. FortiGate would assign an IP from the pool, and FortiClient would show that IP, but checking the SSLVPN NIC showed an APIPA address.
Do you have RSAT tools installed via Features? That is what breaks it. Specifically the Network Management Tools. That is interesting though. I’m sure that this is related to some specific combination, but I find it odd this KB was first published in March 2023 and then updated a year later. Would be nice if FortiGate resolved in 7.2.5.
We use a 22H3 Windows 11 image that we push via FOG. Then we use DISM to pull and install the latest RSAT. Applicable Windows Updates are applied to bring current.
Last I checked the KB2693643 RSAT tool is officially Win10 only, not for Win 11 (which supposedly has something different/native for RSAT tools? idk), hence no plans on doing any fixes in this regard.