Skip to main content
TRHorizonmedia
TRHorizonmedia
New Member
April 17, 2021
Solved

Forticlient (free) enterprise distribution - SCCM

  • April 17, 2021
  • 2 replies
  • 25428 views

Has anyone gone thorugh the exercise of bundling the free Forticlient (6.0.x) MSI into a package for mass distribution throughout their enterprise via SCCM?  Any pointers, suggestions, gotchas that you ran into that you're willing to share?

 

We're also trying to figure out how to bundle/pre-package our default Forticlient settings (Connection name, Remote Gateway URL, etc.) into the package - any recommendations on the good way to insert this into the package would be appreciated.

 

Thanks,

 

T. 

    Best answer by AlexBeaudet

    No problem here it is .

     

    [ol]
  • Important to get the "offline installer" for the Free VPN because it then can be uninstalled by the user without any fuss.
  • Configure the client the way you want it and then export the XML.
  • We made a wrapper in c# that is a single click app which does the following:[ol]
  • The wrapper includes the MSI and XML files needed for installation and extracts them in a temp folder.
  • Then we use Powershell to install the MSI silently and import the config file with FCConfig.exe
  • After that we clean up the MSI and XML files and prompt for a reboot if needed.   [/ol][/ol]

    Here is the Powershell code for the installation itself :

    Start-Process "C:\Windows\System32\msiexec.exe" -ArgumentList "/i c:\blablabla\FortiClientVPN.msi /passive /norestart /quiet INSTALLLEVEL=3 DESKTOPSHORTCUT=1" -wait
    Start-Process "C:\Program Files\Fortinet\FortiClient\FCConfig.exe" -ArgumentList "-m vpn -f c:\blablabla\config.xml -o import -p YourPassWordForEncryptionIfNeeded" -wait

     

    We had test users running 6.0.10 FortiClient and, at first, this app uninstalled that version (without rebooting) and installed 6.4.3 on top.  We had corruption issues on most use cases where the FortiClient was behaving weirdly or not working at all. Clean uninstall and reinstall settled it.

     

    Hope this helps!

    • 2 replies

    gecko
    gecko
    New Member
    April 23, 2021

    Hi!

     

    for enterprise distribution you must use the ForticlientEMS.

    There is no official way to create bundles with VPN Configutration.

     

    You can create backups in the FortiClient and restore them to new installations, but you have to do this manually in the GUI. 

     

    Best regards

    Heino

     

    AlexBeaudet
    AlexBeaudet
    New Member
    April 29, 2021

    We are starting to toy with our new EMS console and licences. But we also will be bundling the Free client for BYOD devices for tele-workers and students of our university.

     

    All PCs on our domain (employees) will receive the FortiClientEMS via GPO and everyone else will download a small app we made that installs the Free offline client and then imports an XML config file.

     

    If we didn't have EMS licences we would definately be using our same GPO technique to install the free client on PCs in the domain. I can share specifics if need be!

    dbriden
    dbriden
    New Member
    April 30, 2021

    Hi AlexBeaudet

     

    We don't have EMS licencing and are looking at deploying forticlient and then installing the config from XML using the fcconfig.exe command.  I would be interested in hearing your experiences/learning how you cope with the installation of the free client and then importing the XML config file just to see/learn from other people's experiences so if you could share specifics I would be grateful.

     

     

    kaschumm
    kaschumm
    New Member
    June 4, 2021

    I extract the MSI from the EXE and then use the PowerShell App Deploy Toolkit. Then in the Post Installation section I use FCConfig.exe to import the config file I backed up previously. 

     

    Helpful links:

    FortiClient VPN Silent Install (How-To Guide) – Silent Install HQ

    This is for version 7, but you can adapt it for other versions. There's a link on this page that has the Powershell script they're using. 

     

    FCConfig.exe info for backing up and restoring the config:

    XML Reference Guide | FortiClient 6.0.10 | Fortinet Documentation Library

     

    In the Post-Installation section I add this line to import the config (I believe it requires a logged in user as I've had hit and miss results):

     

    Execute-Process -Path 'C:\Program Files\Fortinet\FortiClient\FCConfig.exe' -Parameters "-m all -f $dirFiles\FortiClientSettings.conf -o import -i 1"

     

     

      Terms & ConditionsAccessibility statement