FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Article Id 196863


This article describes the steps to install an SSL VPN client in Linux.
  • Ubuntu or CentO Linux distributions.
  • SSL VPN is already configured on the FortiGate.
  • SSL VPN Client software for Linux.


A Fortinet Support Contract is not necessary in order to download the Linux Version of the SSL VPN Client.
  1. Download SSL VPN Client for Linux.

The latest SSL VPN Client for Linux can be downloaded from 
Product Downloads and Free Trials.

To download the software:


  • Scroll-Down to FortiClient VPN.



  • Download the .deb or .rpm build.


Older versions can be downloaded from the Fortinet Customer Service & Support web portal.
To download the software:
  • Log in to the Fortinet Customer Service & Support web portal at
  • Select on ‘Download’ tab, then ‘Firmware Images’.  On the next page, select the ‘Download’ tab.
  • The latest available on the support portal version can be found under FortiGate firmware version 5.4.4 and find SSL VPN Client for Linux under VPN -> SSLVPNTools folder.
  • The name of the file has the following format: fortinclientsslvpn_linux_<version>.tar.gz
  • Select ‘HTTPS’ to download and save the file.
  1. How to run FortiClient SSLVPN for Linux:

    • Via the file explorer, select the file and extract its files. Open the folder that matches the architecture of the Linux distribution and run ‘forticlientsslvpn’
    • Via Linux Terminal, go to the folder where the file has been downloaded and extract it with tar –xvf forticlientsslvpn_linux<version>.tar.gz
    • Open the FortiClient folder, and run ./ & (if Linux distribution is known, open either 32Bits or 64bits folder and run ./forticlientsslvpn &)
    • Under either the 32-bit or 64-bit folder, it is possible to find the CLI version of FortiClient.

  1. Configuration of the GUI FortiClient SSL VPN
    • Type the IP of FortiGate and port, username/password and select ‘Connect’.
    • If the SSL VPN connection requires Proxy, certificate or other advance settings, select ‘Settings’.
    • Under ‘Settings’, more SSL VPN profiles can be added by selecting ‘+’ button.
    • If a certificate warning is displayed, select ‘Continue’ to proceed.
    • Once connected, check which IP has been assigned by running ‘ifconfig’.  The name of the interface is ppp0 and the routing table with ‘route’
  2. Configuration of the CLI SSLVPN Client
    • Run ./forticlientsslvpn_cli  to display all available configuration options
    • If the SSL VPN connection only requires username/password, run: ./forticlientsslvpn_cli --server <IP of the FortiGate>:<port> --vpnuser <username>.
    • Press Enter and FortiClient will request the password for the username.
    • If the connection is successful, a STATUS::Connected message will be displayed, otherwise if the password is incorrect, error ‘SSLVPN down unexpectedly with error:2’ will appear.