FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
irodriguez_FTNT
Description
This article provides the steps to install SSL VPN client in Linux.

Requirements:
  • Ubuntu or CentO Linux distributions
  • SSL VPN already configured on the FortiGate
  • SSLVPN Client software for Linux

Solution
NOTE:
A Fortinet Support Contract is not necessary in order to download the Linux Version of SSLVPN Client.

1) Download SSLVPN Client for Linux.

Latest SSLVPN Client for Linux can be downloaded from: https://www.fortinet.com/support/product-downloads.
To download the software:
•    Open the link: https://www.fortinet.com/support/product-downloads.
•    Scroll-Down to FortiClient VPN.
•    Download the .deb or .rpm build.
Older versions can be downloaded from the Fortinet Customer Service & Support web portal.
 
To download the software:
•    Log in to the Fortinet Customer Service & Support web portal at https://support.fortinet.com
•    Select on ‘Download’ tab, then ‘Firmware Images’.  On the next page, click on ‘Download’ tab
•    The latest available on the support portal version can be found under FortiGate firmware version 5.4.4. You will find SSLVPN Client for linux under VPN > SSLVPNTools folder
•    The name of the file has the following format: fortinclientsslvpn_linux_<version>.tar.gz
•    Click on ‘HTTPS’ to download and save the file.


2) How to run FortiClient SSLVPN for Linux
  • Via the file explorer, right-click on the file and extract its files. Open the folder that matches the architecture of your Linux distribution and run ‘forticlientsslvpn’
  • Via Linux Terminal, go to the folder where the file has been downloaded and extract it with  tar –xvf forticlientsslvpn_linux<version>.tar.gz
  • Open the FortiClient folder, and run ./fortisslvpn.sh & (if you know Linux distribution, open either 32Bits or 64bits folder and run ./forticlientsslvpn &   )
  • Under either 32bits or 64bits folder, you can find the CLI version of FortiClient

3) Configuration of the GUI FortiClient SSLVPN
  • Type the IP of FortiGate and port, username/password and click on ‘Connect’
  • If the SSL VPN connection requires Proxy, certificate or other advance settings, click on ‘Settings’
  • Under ‘Settings’, more SSL VPN profiles can be added by clicking on ‘+’ button.
  • If a certificate warning is displayed, click on ‘Continue’ to proceed
  • Once connected, check which IP has been assigned by running ‘ifconfig’.  The name of the interface is ppp0 and the routing table with ‘route’

4) Configuration of the CLI
SSLVPN Client
  • Run ./forticlientsslvpn_cli   to display all available configuration options
  • If the SSL VPN connection only requires username/password, run: ./forticlientsslvpn_cli --server <IP of the FortiGate>:<port> --vpnuser <username>
  • Press Enter and FortiClient will request the password for the username.
  • If the connection is successful,  a STATUS::Connected message will be displayed, otherwise if the password is incorrect, error ‘SSLVPN down unexpectedly with error:2’ will appear.

Contributors