FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
irodriguez_FTNT
Article Id 196863

Description

 
This article describes the steps to install an SSL VPN client in Linux.
Requirements:
  • Ubuntu or Fedora Linux distributions.
  • SSL VPN is already configured on the FortiGate.
  • SSL VPN Client software for Linux.

Solution

 
Note:
A Fortinet Support Contract is not necessary in order to download the Linux Version of the SSL VPN Client.
 
  1. Download SSL VPN Client for Linux.

The latest SSL VPN Client for Linux can be downloaded from 
Product Downloads and Free Trials.

To download the software:
 
0.png

 

 

  • Scroll-Down to FortiClient VPN and download the .deb or .rpm build.

1.png

 

Older versions can be downloaded from the Fortinet Customer Service & Support web portal.
 
To download the software:
 
  • Log in to the Fortinet Customer Service & Support web portal at https://support.fortinet.com and select on ‘Download’ tab, then ‘Firmware Images’.  On the next page, select the ‘Download’ tab.

 

0_1.png

 

  • The latest available on the support portal version can be found under FortiGate firmware version 5.4.4 and find SSL VPN Client for Linux under VPN -> SSLVPNTools folder.

 

0_2.png

 

0_3.png

 

  • Select ‘HTTPS’ to download and save the file.

 

0_4.png

 

 

  1. How to run FortiClient SSLVPN for Linux:

Via Linux Terminal, go to the folder where the file has been downloaded and using the package manager install the FortiClient.

 

To install on Ubuntu:

 

In a terminal window, run the following command:

 

$ sudo apt-get install <FortiClient installation deb file>

 

To install on Fedora:

 

In a terminal window, run the following command:

 

$ sudo dnf install <FortiClient installation rpm file> -y

 

 

  1. Configuration of the GUI FortiClient SSL VPN.

 

  • Type the IP of FortiGate and port, username/password and select ‘Connect’.
  • If the SSL VPN connection requires Proxy, certificate or other advance settings, select ‘Settings’.
  • Under ‘Settings’, more SSL VPN profiles can be added by selecting ‘+’ button.
  • If a certificate warning is displayed, select ‘Continue’ to proceed.
  • Once connected, check which IP has been assigned by running ‘ifconfig’.  The name of the interface is ppp0 and the routing table with ‘route’
  1. Configuration of the CLI SSL VPN Client:


  • Run ./forticlientsslvpn_cli  to display all available configuration options
  • If the SSL VPN connection only requires username/password, run: ./forticlientsslvpn_cli --server <IP of the FortiGate>:<port> --vpnuser <username>.
  • Press Enter and FortiClient will request the password for the username.
  • If the connection is successful, a STATUS::Connected message will be displayed, otherwise if the password is incorrect, error ‘SSLVPN down unexpectedly with error:2’ will appear.