Is it possible to force VPN before login when internet is available but only allow login locally when internet is not available.

Question

I am using FortiClient -EMS and I have Machine pre-logon connections working via certificate. When the User logs in to the machine, the machine VPN connection drops and a new connection is auto connected with the users credentials. I want to disable the users ability to ctrl-alt-del and bypass the VPN login (always on VPN) {note for security, our company wants users to be logged in to VPN at all times } , however, this makes the laptop unusable if traveling for instance, on plane, or car with no internet. Any suggestions?

Answer 1

Hello, Yes, it is possible but the exact steps will depend on the VPN service and the operating system you are using. For Windows, you can use the “Start Before Logon” feature provided by some VPN clients like Cisco AnyConnect or Fortinet. This will start the VPN connection before the user logs into their account, ensuring all internet traffic is tunneled through the VPN. As for allowing local login when the internet is not available, this is generally the default behavior for most systems. When a network connection is not present, the system will typically fall back to using cached credentials for authentication. You might want to double-check this in your system’s settings or the domain settings if you’re on a network domain. For a more detailed guide, you may want to check the documentation for your specific VPN client or contact your VPN’s support team. Best Regards,
Hania Lian

---If the Answer is helpful, please click "Accept Answer" and upvote it.