FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
The following FortiGate tuning is proposed to support cluster failover and rollback while traffic is running in an IPsec tunnel from/to FortiClient.
Both IPsec configurations use IKEv1.
FortiGate HA commands
    config system ha
        set mode a-p
        set hbdev <portname> 50 <portname> 50
        set session-pickup enable
        set session-pickup-connectionless enable
        set ha-mgmt-status enable
        set ha-mgmt-interface <port>
        set ha-mgmt-interface-gateway <ip addr>
        set override disable
        set priority 250
    end
Modify the FortiGate to propose a single phase-2 Diffie-Hellman group. Use group 5 instead of the default value, which proposes both group 14 and group 5.
    config vpn ipsec phase2-interface
        edit "client_tunnel"
            set phase1name "client_tunnel"
            set dhgrp 5
        next
    end
Set the Phase-2 replay detection value to 'DISABLE' on both sides.
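To confirm from a configuration backup that the two phase-2 changes above are in place, the following added example (not Fortinet code and not part of the original article) parses the phase2-interface section and reports each tunnel's DH groups and replay setting. It also lists any group below 14, since group 5 is a 1536-bit MODP group and disabling replay detection turns off anti-replay checking for the tunnel. Assumptions: the sample backup is constructed, "branch_tunnel" is a made-up second tunnel, and replay detection is taken to be enabled when no "set replay" line is present.

```python
import re

# Constructed sample backup; "branch_tunnel" is a made-up second tunnel.
SAMPLE_CONFIG = """
config vpn ipsec phase2-interface
    edit "client_tunnel"
        set dhgrp 5
        set replay disable
    next
    edit "branch_tunnel"
    next
end
"""
DEFAULT_DHGRP = ["14", "5"]  # default proposal, as stated on this page
DEFAULT_REPLAY = ["enable"]  # assumed default when "set replay" is absent

def parse_phase2(text):
    """Return {tunnel: {setting: [values]}} from the phase2-interface section."""
    tunnels, current, in_section = {}, None, False
    for line in text.splitlines():
        # Keep quoted names whole, then drop the quotes and any padding.
        words = [w.strip('" ') for w in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if not in_section:
            in_section = words == ["config", "vpn", "ipsec", "phase2-interface"]
        elif words[0] == "end":
            in_section = False
        elif words[0] == "edit" and len(words) > 1:
            current = tunnels.setdefault(words[1], {})
        elif words[0] == "next":
            current = None
        elif words[0] == "set" and current is not None and len(words) > 2:
            current[words[1]] = words[2:]
    return tunnels

def audit_phase2(text):
    """Report, per tunnel, the two phase-2 settings this page changes."""
    report = {}
    for name, cfg in parse_phase2(text).items():
        groups = cfg.get("dhgrp", DEFAULT_DHGRP)
        report[name] = {
            "dhgrp": groups,
            "single_group": len(groups) == 1,
            "below_group_14": [g for g in groups if g.isdigit() and int(g) < 14],
            "replay": cfg.get("replay", DEFAULT_REPLAY)[0],
        }
    return report

if __name__ == "__main__":
    print(audit_phase2(SAMPLE_CONFIG))
```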