Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

FortiClient EMS : Per-Machine VPN

Hi everyone !

I'm a bit confuse on per-machine VPN and <machine> tag on FortiClient configuration. Let me explain a bit what I will do.


I will auto-connect a VPN before logon (and keep it active) when I'm off-fabric (test on pinging an on-fabric device). I set a couple of options and as I can see my VPN auto-connect correctly before logon without the tag <machine> enabled.


I have on my VPN xml : 





<on_os_start_connect>MY VPN</on_os_start_connect>


<autoconnect_tunnel>MY VPN</autoconnect_tunnel>


With and without <machine> tag the behavior is the same. 


So what is the use of this tag and in this case what is the correct configuration ??? 


Many thanks for your help ! 


To be more precise, my question is what is the correct configuration to add an always-on and machine (before login) VPN with auto-connect when off fabric ?


autoconnect_tunnel with autoconnect_only_when_offnet works fine together but what appends if machine flag is set to 1 ? It's a bit confuse for me...


On documentation, with on_os_start_connect I must enable <machine>. But in fact, with <machine> tag set to 0 the behavior is better : 

1) VPN connects before logon more quickly

2) VPN re-connects correctly after power-saving


Please could you help me ?