This is the result of various nslookup attempts: C:\Users\user>nslookup https://connect.domain.com:20443/ Server: unifi.localdomain Address: 192.168.2.1 *** https://connect.domain.com:20443/ wurde von unifi.localdomain nicht gefunden: Non-existent domain. C:\Users\user>nslookup https://connect.domain.com:20443/ Server: unifi.localdomain Address: 192.168.1.1 *** https://connect.domain.com:20443/ wurde von unifi.localdomain nicht gefunden: Non-existent domain. C:\Users\user>nslookup https://connect.domain.com Server: unifi.localdomain Address: 192.168.1.1 *** https://connect.domain.com wurde von unifi.localdomain nicht gefunden: Non-existent domain. C:\Users\user>nslookup connect.domain.com Server: unifi.localdomain Address: 192.168.1.1 Nicht autorisierende Antwort: Name: connect.domain.com Address: 213.30.zzz.yyy Only the attempt without the portnumber I receive the IP. By using and trying the IP on the webbrowser, I receive as response "ACME Access Only" as plaintext to read. The expected behavior is to receive with the https://domain:port request to receive the loginpage from the Forticlient server. Changing the DNS server directly on my WiFi adapter on the notebook, I receive the following responses on the client system: C:\Users\user>nslookup https://connect.domain.com:20443 Server: dns.google Address: 8.8.8.8 *** https://connect.domain.com:20443 wurde von dns.google nicht gefunden: Non-existent domain. C:\Users\user>nslookup connect.domain.com Server: dns.google Address: 8.8.8.8 Nicht autorisierende Antwort: Name: connect.domain.com Address: 213.30.zzz.yyy With the Google DNS Server it seems again, that the non port try, works in respect to receive atleast a response from the server. Just an idea, is it possible that the target server block my tries just on the port/endpoint? I am only aware, when you block a client/attacker its only done at all (webpage access and port). Here I can partially access the webpage for ACME process, but not the endpoint for the VPN