Help
Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
zoriax
New Contributor III

Created on ‎05-12-2022 03:52 AM

FortiClient EMS : Per-Machine VPN

Hi everyone !


I'm a bit confuse on per-machine VPN and <machine> tag on FortiClient configuration. Let me explain a bit what I will do.

 

I will auto-connect a VPN before logon (and keep it active) when I'm off-fabric (test on pinging an on-fabric device). I set a couple of options and as I can see my VPN auto-connect correctly before logon without the tag <machine> enabled.

 

I have on my VPN xml : 

 

<keep_running>1</keep_running>

 

<show_vpn_before_logon>1</show_vpn_before_logon>

<on_os_start_connect>MY VPN</on_os_start_connect>

<on_os_start_connect_has_priority>1</on_os_start_connect_has_priority>

<autoconnect_tunnel>MY VPN</autoconnect_tunnel>
<autoconnect_only_when_offnet>1</autoconnect_only_when_offnet>

 

With and without <machine> tag the behavior is the same. 

 

So what is the use of this tag and in this case what is the correct configuration ??? 

 

Many thanks for your help ! 

Labels:
213
0 Kudos
2 REPLIES 2
zoriax
New Contributor III

Created on ‎05-12-2022 06:12 AM Edited on ‎05-12-2022 06:14 AM

To be more precise, my question is what is the correct configuration to add an always-on and machine (before login) VPN with auto-connect when off fabric ?

 

autoconnect_tunnel with autoconnect_only_when_offnet works fine together but what appends if machine flag is set to 1 ? It's a bit confuse for me...

182
0 Kudos
zoriax
New Contributor III

Created on ‎05-12-2022 07:34 AM

On documentation, with on_os_start_connect I must enable <machine>. But in fact, with <machine> tag set to 0 the behavior is better : 

1) VPN connects before logon more quickly

2) VPN re-connects correctly after power-saving

 

Please could you help me ?

178
0 Kudos
Labels
Top Kudoed Authors
View all

Contact Us