jsabby
New Member
May 4, 2015
Solved

Forticlient VPN for OS X Yosemite Change Authentication Mode


I'm having trouble finding a way to change my authentication mode from "Aggressive" to "Main" while connecting via OS X FortiClient. I'm testing with IPSec Remote Access on my FortiGate 200D, and my Windows workstations connect fine because I can set them to "Main" mode.

Everything is up to date, including the FortiClient application.

Any ideas?

    2 replies

    emnoc
    New Member
    May 4, 2015

    I would go through the xml cfg file, but seriously, aggressive mode should be the mode to use if the remote-peer ip_address is not known or you're using an identifier (aka group in Cisco lingo).

    Oops, here's the related xml:

    <ike_settings>
        <prompt_certificate>0</prompt_certificate>
        <description>SOCPUPS0023</description>
        <server>1.1.1.1111</server>
        <authentication_method>Preshared Key</authentication_method>
        <auth_key>Enc 420d2ee65abded897a69c50f49954d0df61920558d173d22a1b0b1b058b8034b</auth_key>
        <mode>aggressive</mode>
        <dhgroup>5</dhgroup>
        <key_life>86400</key_life>
        <localid></localid>
        <nat_traversal>1</nat_traversal>
        <mode_config>1</mode_config>
        <enable_local_lan>0</enable_local_lan>
        <dpd>1</dpd>
        <xauth>
            <enabled>1</enabled>
            <prompt_username>0</prompt_username>
            <username>Enc 420d2ee65abded897a69c50f4995520ee00120439964f3eddc13ccae6f63c7595c013957d0</username>
            <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password>
        </xauth>

     

    jsabby (Author)
    New Member
    May 4, 2015

    emnoc wrote:

    I would go through the xml cfg file, but seriously, aggressive mode should be the mode to use if the remote-peer ip_address is not known or you're using an identifier (aka group in Cisco lingo).

    Oops, here's the related xml:

    <ike_settings>
        <prompt_certificate>0</prompt_certificate>
        <description>SOCPUPS0023</description>
        <server>1.1.1.1111</server>
        <authentication_method>Preshared Key</authentication_method>
        <auth_key>Enc 420d2ee65abded897a69c50f49954d0df61920558d173d22a1b0b1b058b8034b</auth_key>
        <mode>aggressive</mode>
        <dhgroup>5</dhgroup>
        <key_life>86400</key_life>
        <localid></localid>
        <nat_traversal>1</nat_traversal>
        <mode_config>1</mode_config>
        <enable_local_lan>0</enable_local_lan>
        <dpd>1</dpd>
        <xauth>
            <enabled>1</enabled>
            <prompt_username>0</prompt_username>
            <username>Enc 420d2ee65abded897a69c50f4995520ee00120439964f3eddc13ccae6f63c7595c013957d0</username>
            <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password>
        </xauth>

     

    Thanks emnoc,

    I'll try that. Do you know where I can find the xml file in OS X? I will also keep in mind the aggressive mode option, but I wanted to give main mode a shot since it encrypts the login credentials too. Plus, I was curious as to how this would work using OS X.

     

    emnoc (Answer)
    New Member
    May 4, 2015

     

     

    1> open the forticlient console

    2> unlock the change button

    3> go to preferences

    4> hit the button backup

    5> save a copy

    5> F5/find the line

    6> make the changes

    7> restore using the "changed forticlient cfg"

    That's how I've always done it. YMMV, but just make sure you back up the cfg b4 doing any changes. Then you always have a "before" and "after".

    ;)

    ken @ socpuppet.blogspot.com
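
The "find the line, make the changes" part of the backup/edit/restore procedure above, scripted as an added example (not code from the thread or from Fortinet): it lists the IKE mode of every `<ike_settings>` block in an exported backup and returns a changed copy with `aggressive` set to `main`. The element names come from the XML quoted in the thread; the `<backup>` wrapper, the sample values and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <ike_settings> fragment quoted in the thread.
# The <backup> wrapper and all values are placeholders, not a real FortiClient export.
SAMPLE_BACKUP = """<backup>
  <ike_settings>
    <description>EXAMPLE-PSK</description>
    <authentication_method>Preshared Key</authentication_method>
    <mode>aggressive</mode>
  </ike_settings>
  <ike_settings>
    <description>EXAMPLE-MAIN</description>
    <authentication_method>Preshared Key</authentication_method>
    <mode>main</mode>
  </ike_settings>
</backup>"""


def audit_modes(xml_text):
    """Return (description, authentication_method, mode) per <ike_settings>."""
    root = ET.fromstring(xml_text)
    return [
        (ike.findtext("description", default=""),
         ike.findtext("authentication_method", default=""),
         (ike.findtext("mode") or "").strip().lower())
        for ike in root.iter("ike_settings")
    ]


def set_main_mode(xml_text, description=None):
    """Return (new_xml, changed); only <mode>aggressive</mode> is rewritten.

    With description set, only the connection of that name is changed.
    """
    root = ET.fromstring(xml_text)
    changed = []
    for ike in root.iter("ike_settings"):
        name = ike.findtext("description", default="")
        mode = ike.find("mode")
        if mode is None or (mode.text or "").strip().lower() != "aggressive":
            continue
        if description is not None and name != description:
            continue
        mode.text = "main"
        changed.append(name)
    return ET.tostring(root, encoding="unicode"), changed
```

ElementTree re-serialises the whole document (comments and the XML declaration are dropped), so write the result to a new file, leave the original backup untouched as the "before" copy, and diff the two before restoring.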