I realize that fortigate has gone from totally free VPN to "if you want to REALLY use VPN you gotta pay ". that's one of the PRIMARY reasons i started using FG back in 2013 (free VPN) but the bait and switch is beside the point. i have funds. I need one thing only: VPN connect prior to logon in windows
From what i gather i need the licensed EMS setup. Is that correct? what if i only have 10 machines and don't want any of the other 'features' of EMS? i don't want to have to plunk down $1000 for Server 2019 or commit resources to running it. Like i said, pre-login connect and possibly 'auto-connect" or 'stay connected' functionality are all i care about. ZERO need to manage machines en masse. Plenty of time to configure each one by hand. HAPPY to pay whatever fortinet wants for the advanced VPN licenses.
Question is, is the EMS server and all the associated expenses required to deploy these licenses or can i just buy them and add the license to each laptop install to unlock the features?
I have clients that do millions of revenue annually and only have 10-50 users. Until 'full-cloud' becomes a tad more mainstream (AAD and Intune machine management) and granular, we're still forced to deploy a full Microsoft domain on-site for file sharing if nothing else. In a small company that typically means ONE DC, backed up three times/places, and no additional servers.
I'm don't want to put this on a DC. Just wouldn't be smart. So it requires an additional server. And that server is likely gonna need to be in a DMZ, which although fairly straightforward, adds a level of network complexity that is simply not necessary for a small company.
So, to where MS RRAS offers fairly secure L2TP capability, fully manageable pre-login VPN etc, the competing Fortinet solution involves thousands of dollars of equipment, software and configuration. that's fine...for my client with 250 users. But for the 10-50 user company with 1 server and 8-15 VPN users...the target company for a device like the 60E or 60F....you basically have to step up to this multi-thousand dollar solution. that makes no sense. It costs more than the damn 60F and three years of security services JUST to have pre-login VPN. I realize that corporate markets are where the money is for Fortinet, but that's just crazy. There's gotta be a better way. They either want to cater to the Small SMB market or they don't. Their myriad offerings of 60-100 level devices would indicate that they do....but the cost of implementing something so simple would indicate otherwise. Ticks me off to be honest, especially after putting 50 or more of these devices in the field. I don't even think it's a money-grab. It's just a bone-headed oversight which indicates Small SMB is third tier.
"Hey client, yes i know it was a stretch to spend $2500 on a firewall and three years of services, and I know it was a stretch to install that $500 a month Datto device...but now, in order for your full time remote users to USE the fancy firewall get any group policies applied, you need to plunk down $5000 additional of server software, network config and VPN management software that we did not require previously and set up in 5 minutes free (SSL VPN and Forticlient 5) and was working perfectly."
sorry. rant over. already trapped in the ecosystem. nothing can be done now.