Description

This article describes how to connect the FortiClient SSL VPN from the command line.

Scope

FortiClient.

Solution

The full FortiClient installation cannot be used for command line VPN tunnel access.
To use FortiClient in the command link, FortiClientTools is required. To download and use FortiClientTools: 

1. Navigate to the support site: https://support.fortinet.com/ -> Support -> Firmware Download.
2. Select Product = FortiClient -> Download -> Select corresponding version -> Download the FortiClientTools zip file. 
3. Extract FortiClientTools.
4. From the command prompt on the client computer, navigate to the SSLVPNcmdline folder. For example: 'cd C:\Users\Fortinet\Downloads\FortiClientTools_7.4.0.1658\SSLVPNcmdline\x64'.
5. Run 'FortiSSLVPNclient.exe'. A pop-up will appear. 
   
   

    

6. Enter Connection Name, Server Address, Username, Password, Client Certificate (If required).
   Note: Enable 'Do not warn about server certificate validation failure' if a client certificate is being used.
7. Select 'Connect'.

Notes:

To connect from the command prompt only without getting the pop-up, all information must be specified as follows:

FortiSSLVPNclient.exe connect -s connection_name -h FortiGate_IP:port -u username:password -i -m -q

For example: 

FortiSSLVPNclient.exe connect -s MyCompanyName -h 192.168.10.1 -u guest:vpn123 -i -m -q

Command Line Usage:

Usage:  FortiSSLVPNclient.exe <subcommand> [options] [args]

e.g. FortiSSLVPNclient.exe connect -s MyCompanyName  -i -m -q (No Certificate)
e.g. FortiSSLVPNclient.exe connect -s MyCompanyName -c FCT.net:earth-EARTH-CA -i -m -q (with Certificate)

Commands

Sub-Commands

Usage

Link to download FortiClient:

Fortinet Product Downloads