Skip to main content
zorro
zorro
New Member
May 2, 2018
Question

VPN and Always-UP

  • May 2, 2018
  • 2 replies
  • 8283 views

Hi

 

I would like to configure Fortigate for always-up VPN connectivity like Direct Access with the VPN being initiated before the user has logged on to the laptop. Either secured by a valid certificate issued individually to each machine from our internal CA (we already issue certs for corporate wireless access so using the same computer cert would be helpful) or using Windows credentials + eventually some form of second factor. Of course it should be secure, but also convenient for the end user. Does anyone know if this kind of scenario is supported?

 

And if yes, would you go down that road? I mean reagrding evntual issues with forticlient and installation of the same on Win10 machines.

 

TIA, Zoran

    2 replies

    Fullmoon
    Fullmoon
    New Member
    May 2, 2018

    hope this helps https://video.fortinet.com/video/118/how-to-setup-always-up-auto-connect-vpn-with-forticlient-5-2

     

    zorro
    zorroAuthor
    New Member
    May 2, 2018

    Hi

     

    Tnx for quick answer, @Fullmoon!

     

    I've seen that video, but the focus there is mostly on how do you configure xml profile, not is it possible to use machine certificate instead of AD username/password.

     

    I am also wondering does this need additional licenses on Fortigate?

     

    BR

    Zoran

    dstrausser
    dstrausser
    New Member
    May 10, 2018

    Hey Zoran,

     

    I am actually in the same boat as you are and I also cannot seem to find any useful information in the guides or forums for this.

    chrisparker
    chrisparker
    New Member
    January 3, 2019

    Did anyone get this resolved? I'm looking for the same info. Any help would be appreciated.

    Terms & ConditionsAccessibility statement