Issue symptoms:

1. After connecting to the IPsec VPN, open the command prompt and perform a 'ping' to any internal hostname/FQDN. Observe about 5 5-second delay for the command to start pinging.

2. Perform another 'ping' to the same hostname/FQDN, there will be no delay anymore.

    

3. When performing an 'nslookup' on hostname/FQDN (even a new one), the result is instant. 

   
   

    

4. Open a browser and go to any internal website, and it takes a significant delay for the website to start loading.

    

Note: If the IPsec VPN is a full tunnel, these symptoms can also be observed on the external/public hostname and FQDN.

Verifying the root cause:

1. In the command prompt, run the command 'ipconfig /all'.
2. Check the local network adapter section. Observe that the IPsec tunnel DNS servers are appended to the local network adapter.

Solution:

1. In FortiClient EMS, go to Endpoint Profile -> Remote Access -> Edit profile.
2. Select XML view on the top right, configure <prefer_ipsecvpn_dns> to 0.
   
   
   
3. Save the profile.
4. Wait for the endpoint to sync the latest profile.

Result:
After the endpoint receives the configuration, perform testing again to verify the issue is gone.

1. In the command prompt, after connecting to the IPsec VPN, run the command 'ipconfig /all'. 
   Observe that the IPsec tunnel DNS servers are no longer appended to the local network adapter.
   
   
   
2. Perform 'ping' to any internal hostname/FQDN. There should be no delay anymore.