The FortiGate unit supports both SSL and IPSec VPN technologies. Each combines encryption and VPN gateway functions to create private communication channels over the Internet, which helps to defray physical network costs. Both enable you to define and deploy network access and firewall policies using a single management tool. In addition, both support a simple client/user authentication process (including optional X.509 security certificates). You have the freedom to use both technologies; however, one may be better suited to the requirements of your situation.
In general, IPSec VPNs are a good choice for site-to-site connections where appliance-based firewalls are used to provide network protection, and company sanctioned client computers are issued to users. SSL VPNs are a good choice for roaming users who depend on a wide variety of thin-client computers to access enterprise applications and/or company resources from a remote location.
This article provides the steps to install FortiClient SSL VPN client in Linux.
- Ubuntu or CentOS Linux distributions
- SSL VPN already configured on the FortiGate
- FortiClient SSLVPN software for Linux
1) Download FortiClient for Linux.
- Log in to the Fortinet Customer Service & Support web portal at https://support.fortinet.com
- Select the ‘Download’ tab, then ‘Firmware Images’. On the next page, click on the ‘Download’ tab
- Select the firmware version of your FortiGate; FortiClient SSLVPN for Linux is under the VPN > SSLVPNTools folder
- The name of the file has the following format: forticlientsslvpn_linux_.tar.gz
- Click on ‘HTTPS’ to download and save the file
2) How to run FortiClient SSLVPN for Linux
- Via the file explorer, right-click on the file and extract its files. Open the folder that matches the architecture of your Linux distribution and run ‘forticlientsslvpn’
- Via the Linux terminal, go to the folder where the file has been downloaded and extract it with tar -xvf forticlientsslvpn_linux.tar.gz
- Open the FortiClient folder, and run ./fortisslvpn.sh & (if you know your Linux distribution's architecture, open either the 32bits or 64bits folder and run ./forticlientsslvpn & )
- Under either 32bits or 64bits folder, you can find the CLI version of FortiClient
3) Configuration of the GUI FortiClient SSLVPN
- Type the IP of FortiGate and port, username/password and click on ‘Connect’
- If the SSL VPN connection requires a proxy, certificate or other advanced settings, click on ‘Settings’
- Under ‘Settings’, more SSL VPN profiles can be added by clicking on ‘+’ button.
- If a certificate warning is displayed, click on ‘Continue’ to proceed
- Once connected, run ‘ifconfig’ to check which IP has been assigned (the name of the interface is ppp0) and ‘route’ to check the routing table
4) Configuration of the CLI FortiClient SSLVPN
- Run ./forticlientsslvpn_cli to display all available configuration options
- If the SSL VPN connection only requires username/password, run: ./forticlientsslvpn_cli --server <IP Address>:<Port Number> --vpnuser <username>
- Press Enter and FortiClient will request the password for the username.
- If the connection is successful, a STATUS::Connected message will be displayed, otherwise if the password is incorrect, error ‘SSLVPN down unexpectedly with error:2’ will appear.
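The post-connection check from step 3 can be scripted so it works for both the GUI and the CLI client. The following is an added example, not part of the original article or of FortiClient: it assumes the iproute2 `ip` command in place of ‘ifconfig’ and ‘route’, and the function names and sample data are constructed. It reports the address assigned to ppp0 and whether all traffic or only specific prefixes are routed through the tunnel.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.
# Live use (iproute2):  ip -o -4 addr show | tunnel_addr ppp0
#                       ip -4 route show   | tunnel_mode ppp0

# Print the IPv4 address of interface $1 (default ppp0) from
# `ip -o -4 addr show` output on stdin; prints nothing if absent.
tunnel_addr() {
    awk -v ifc="${1:-ppp0}" \
        '$2 == ifc && $3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# Classify `ip -4 route show` output on stdin for interface $1:
#   full  = the lowest-metric default route leaves via the tunnel
#   split = only specific prefixes are routed via the tunnel
#   none  = nothing is routed via the tunnel
tunnel_mode() {
    awk -v ifc="${1:-ppp0}" '
        {
            dev = ""; metric = 0
            for (i = 1; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if ($1 == "default") {
                if (!seen || metric < bestm) { best = dev; bestm = metric; seen = 1 }
            } else if (dev == ifc) n++
        }
        END {
            if (seen && best == ifc) print "full"
            else if (n)              print "split"
            else                     print "none"
        }'
}

# Constructed sample output, so the example runs without a VPN.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0
5: ppp0    inet 10.212.134.200 peer 192.0.2.1/32 scope global ppp0'
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.10.0.0/16 dev ppp0 scope link
192.0.2.1 dev ppp0 proto kernel scope link src 10.212.134.200
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20 metric 100'

echo "tunnel address: $(printf '%s\n' "$SAMPLE_ADDR" | tunnel_addr ppp0)"
echo "tunnel mode:    $(printf '%s\n' "$SAMPLE_ROUTES" | tunnel_mode ppp0)"
```

A result of "split" means traffic to destinations outside the listed prefixes still leaves through the local network rather than the tunnel.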
Before getting to the script, make sure you can run the command below successfully and connect.
# /home/rupin/forticlientsslvpn/64bit/forticlientsslvpn_cli --server <IP Address>:<Port Number> --vpnuser <username>
where /home/rupin/forticlientsslvpn/64bit/forticlientsslvpn is the path where I extracted FortiClient.
Script on GIT :-
Before executing the script, make the following changes for your connection:
- IP Address – IP address of the Fortinet Firewall.
- Port Number – Enter the port Number.
- Password – Enter the password.
With the GUI FortiClient SSLVPN you can run only a single instance at a time, but with the FortiClient CLI you can connect multiple instances.
For multiple connections, you can run the above script in multiple tabs.