parthpatel
Staff
Article Id 273516
Description: This article describes how to enable the DTLS option on a FortiClient managed by FortiEMS.
Scope: FortiEMS, FortiClient.
Solution

When FortiClient is managed by FortiEMS, changes cannot be made directly in the FortiClient console. The administrator must push them from FortiEMS.

On a managed FortiClient, the settings options are grayed out and no settings can be changed unless pushed by the EMS administrator:

VPN11.PNG

 

To enable DTLS through EMS, navigate to Endpoint Profiles -> Remote Access and select the profile used by the client. Many remote access settings can be changed directly under the Basic and Advanced tabs in the GUI, but there is no option to change the DTLS setting directly in the EMS GUI.

This change needs to be made under the XML configuration tab. Add the line below under the <sslvpn><connections><options> section:

<preferred_dtls_tunnel>1</preferred_dtls_tunnel>

The value '1' enables the DTLS option on FortiClient endpoints using that specific endpoint profile.

ems-xml.png

 

Once the change is made, it will be pushed at the next sync.
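
To confirm that a profile's XML really carries the setting, and carries it only once, the Python check below parses the XML and reports each place preferred_dtls_tunnel appears inside the sslvpn section together with its value. It is an added example, not Fortinet code; the sample profiles, the vpn wrapper element and the function name dtls_status are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SETTING = "preferred_dtls_tunnel"

def dtls_status(profile_xml):
    """Return the state of preferred_dtls_tunnel inside <sslvpn> and where it was found."""
    root = ET.fromstring(profile_xml)
    # ElementTree has no parent pointers; build a child -> parent map for paths.
    parent = {child: p for p in root.iter() for child in p}
    sslvpn = root if root.tag == "sslvpn" else root.find(".//sslvpn")
    if sslvpn is None:
        return {"state": "no-sslvpn-section", "hits": []}
    hits = []
    for el in sslvpn.iter(SETTING):
        path, node = [], el
        while node is not None:
            path.append(node.tag)
            node = parent.get(node)
        hits.append(("/".join(reversed(path)), (el.text or "").strip()))
    values = {value for _, value in hits}
    if not hits:
        state = "missing"
    elif len(values) > 1:
        state = "conflicting"      # same element set twice with different values
    elif values == {"1"}:
        state = "enabled"          # '1' is the value the article documents
    else:
        state = "not-enabled"
    return {"state": state, "hits": hits}

# Constructed sample profiles (assumption): only the sslvpn/connections/options
# path and the preferred_dtls_tunnel element are taken from the article.
ENABLED = """<vpn><sslvpn><connections><options>
  <preferred_dtls_tunnel>1</preferred_dtls_tunnel>
</options></connections></sslvpn></vpn>"""
MISSING = "<vpn><sslvpn><connections><options/></connections></sslvpn></vpn>"
CONFLICT = """<vpn><sslvpn>
  <options><preferred_dtls_tunnel>0</preferred_dtls_tunnel></options>
  <connections><options><preferred_dtls_tunnel>1</preferred_dtls_tunnel></options></connections>
</sslvpn></vpn>"""

if __name__ == "__main__":
    for name, xml in (("ENABLED", ENABLED), ("MISSING", MISSING), ("CONFLICT", CONFLICT)):
        print(name, dtls_status(xml))
```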

Starting with FortiClient EMS version 7.2.2, this option can be configured directly from the 'Advanced' tab, as shown below.

ems-gui-dtls.png