Technical Tip: How to push custom VPN tunnels to FortiSASE managed endpoints

anderson_yee · ‎09-03-2024

Description

This article describes how to push custom VPN tunnels (SSL or IPSec VPN) to FortiSASE managed endpoints.

Scope

FortiSASE, Custom VPN, Endpoint profiles.

Solution

Prerequisites:

Endpoint users have installed FortiClient and are onboarded to FortiSASE with the invitation code.
FortiClient status is connected to FortiClient EMS Cloud.

On FortiSASE Portal, create a new endpoint profile for specific users under Configuration -> Endpoints -> Profiles -> Create.
e.g. An endpoint profile named 'Anderson' for non-AD user groups is created.

Under the endpoint profile, create the custom VPN tunnels (SSL or IPSec VPN) under Connection -> VPN available to users'
e.g. A custom SSL VPN tunnel for the remote gateway (10.92.99.44:10443) is configured.

custom sslvpn.png

Ensure that the endpoint profile is not being overridden by other profiles for the users/user group. Managed endpoints of the assigned profile can be viewed under Profiles -> View Endpoints.

After configuring the custom VPN tunnels, users assigned with the created endpoint profile should receive the custom VPN tunnels after the next EMS telemetry sync.