Hi guys,
i seen this feature on Sophos firewalls, were when they download the SSL VPN Clients, they download it pre-configured and users are only prompted to enter username and password.
it is possible to achieve the same on FortiGate (i know in web-mode you are prompted to download Forticlient but not sure if it’s pre-configured)
if it’s not possible do you think this is a nifty feature to add to FortiGate?
Thanks
Indeed. FortiClient EMS is your only option (and the only one supported by Fortinet). The download from webmode is also not preconfigured.
Afaik that is a FortiClient EMS function, there’s no way to do so on a FortiGate alone.
I think EMS would be the only supported way to do this. I’m considering recommending it in my org as I think my current approach is no longer viable.
Currently I use the FortiClient Configuration Tool, which outputs an MSI file and MST transform file with all of the settings in it. So FortiClient is installed with a connection pre-configured with the correct address, port, which issuing CA to automatically use for client certificates, etc.
I deploy the MSI/MST combo as a custom Win32 app via Intune, but I’m sure you could use some other MDM or deployment method. This works great. Although I would need to uninstall and reinstall the client to make any changes to the settings.
Unfortunately it appears that the tool hasn’t been updated since version 6.0.10, and you need a login to the FortiClient Developer Network to get it (I had to get our reseller to get me an account). I guess Fortinet would really rather sell you EMS.
Unfortunately it appears that the tool hasn’t been updated since version 6.0.10
The tool is only available for up to FortiClient 6.0. From 6.2 onwards, its role was completely taken over by EMS.