If you push out these Registry settings to HKEY_CURRENT_USER with the User Configuration > Preferences > Windows Settings > Registry part of Group Policy you can pre-configure the client and save your users some typing (and yourself some support queries).FortiClient is a Fabric Agent that delivers protection, compliance, and secure access in a single, modular lightweight client. I would have found this out much sooner! However I’m surprised this isn’t documented anywhere online and their support team aren’t aware of it.Īs a little bonus, I found this post on the Fortinet forums. I clearly should have read the messages that the installer spits out. Navigate to C:\Users\username\AppData\Local\Temp and you’ll find there is an SslvpnClient.msi that you can copy somewhere safe to deploy as normal with Group Policy.Run SslvpnClient.exe but don’t click on anything in the installer.Open up the archive with something like 7-zip and extract SslvpnClient.exe.At the time of writing the latest installer can be found in /FortiGate/v5.00/5.2/5.2.4/VPN/SSLVPNTools/sslvpnclient64pkg_.tar.gz Then select Fortigate as the product and click Download. Download the latest installer package from Fortinet’s support portal.I discovered that the EXE installer creates an MSI during the installation process (although it doesn’t show up if you try to extract the EXE with 7-zip or similar) which I can now deploy with Group Policy. I mostly use either use Chocolatey with its Puppet Module or Group Policy to push out software to Windows machines, but I couldn’t find a (recent) MSI installer or a way to silently install with the EXE installer anywhere online or via their support team. However as more and more people have been using it, the fact I didn’t have a way to silently roll it out has become a bit of a pain. The client is very simple, it’s been completely reliable and the setup was extremely easy. That alternative ended up being their proprietary SSL VPN.
So when I had to implement a VPN for a handful of remote workers, I initially tried to use L2TP-IPSec which is supported by the Fortigate, but certain UK ISPs block or otherwise mess with IPSec traffic so I had to find an alternative. I’m a big fan of Fortinet products we’ve got a Fortigate firewall at work and it has always been completely reliable and easy (for a firewall) to configure.
0 kommentar(er)
