SSL VPN portal RDP to a PC with 2 screens?

We have a user with an older 2013~ish Mac running Mojave 10.14.4 and I’ve tried FortiClient version 7.2 downloaded from the firewall’s SSL VPN portal as well as an older version 6.49.1460.

The firewall is on version 7.0.11.

I know the connection settings are correct and the credentials are right because they work for the web portal, but the VPN client just sits there with the status “connecting” and never moves. If that would work, we’d be all good, but I have no idea what is causing this behavior, so for the time being I have set up an RDP connection in the user’s VPN web portal.

It connects to the desktop PC without issue but the remote PC has 2 screens and I don’t see an option, button or hotkey to swap to the second screen or anything other than send F8 command (which doesn’t do anything), exit or send Control alt delete.

The remote PC in display settings only behaves as if it has 1 display attached but when RDP is disconnected, it goes back to having both.

Ideally, we would just have a functioning SSL VPN client but I have no idea why this Mac just hangs at “connecting”.

The web RDP is a somewhat functional workaround but if there is a way to utilize the actual VPN client, I’m curious what the fix is for the current issue it’s having.

It’s possible I am wrong - both in my understanding of your dilemma or the capabilities of Mac RDP - but the multiple screen RDP thing should be driven by the local PC (Mac in this case), not by the SSLVPN client or the remote PC.

The VPN client is purely responsible for facilitating the connection into the network. What I believe you experienced with the web RDP was more of a QuickAssist/VNC connection that looks to mirror the remote setup, where the Windows RDP client will use the local setup, and have the option to “use both all my available screens” under the display settings. Meaning the Mac may need two screens to do what you’re attempting - if that option exists for the Mac RDP client.

When you’re using MS RDP, the RDP server’s (i.e. the machine that you’re connecting to) display settings have no bearing on the RDP client’s (i.e. the machine that is making the connection) display settings - it is purely driven by the client. The server can be completely headless, and it can be a Windows Server machine serving multiple client sessions, each with its own display settings - resolution, bit depth, number of displays, etc. The browser RDP client built into FortiGate does not support multiple displays.

Regarding your FortiClient not connecting - are you using a trusted certificate for your SSL VPN configuration, and are you connecting to an FQDN or an IP address? If you’re connecting to an IP address, and/or not using a trusted certificate, then FortiClient will pop up a warning, and this warning can sit under the FortiClient window, pausing the connection until you click it away.

Note that even after you establish the VPN tunnel, an MS RDP client won’t mirror the remote display setup, as I’ve explained above. If you want to mirror it exactly, your best bet is TeamViewer in LAN mode.

No no, this is going through the VPN web portal. You can create an RDP shortcut that launches a remote desktop session in a new web browser tab.

Connecting to the VPN web portal doesn’t establish a connection for the computer itself to the remote network. The only way I can ping the remote network is via the web browser tab. It’s like the VPN connection is strictly contained within the web browser session and not the actual system OS.

The user’s Mac has 2 external displays but no way to have the browser on both screens.

Currently using a self-signed cert on the firewall. Windows PCs have no issues connecting.

I checked this Mac and no pop-under windows.

I eventually got the VPN connected though, but I had to use a really old client I had from years ago, version 5.6.6.755. Connected instantly.

The user claims that multi-screen worked on our old firewall and the connection method was identical. Connect to SSL VPN, launch Microsoft RDP connection to the desktop computer and go full screen.

You could do VNC over the Web Portal, too. The big gripe with VNC is that it’s not encrypted by default, but over a VPN you’re only leaving the last “leg” (firewall to server) unencrypted. Depending on the network layout this may be very easy to control.

RDP itself is “one screen”. An RDP client can use multiple displays, sure, but in this case the RDP “client” is the Guacamole daemon upon which most of the Fortinet Web Portal is built. That’s limited to the display area of the web browser window/tab, however large it’s made.