Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
maiyaa
New Contributor

Forticlient issues in this sub making me think twice

I am coming from mainly deploying Cisco and their AnyConnect client for vpn . I have no issues with the fortigates firewalls and feel comfortable that they they replace my deployments for clients , but seeing all these VPN issues relating to the Fortinet client here is making me think twice . Even on the Cisco sub you don’t see too many issues . This even the case with their newer FTDs . All that have or are still dealing with Cisco AnyConnect, how has your transition to Forticlient compare ? It seems like there issues with free or even the licensed one when you get the EMS server . Am I over thinking this ? I just don’t want to add something else to lose sleep over . Thank you in advance…

10.0.0.0.1 192.168.1.254
1 REPLY 1
sw2090
Honored Contributor

hm yeah FortiClient does have some issues. It tends to have problems to connect if your internet connection is too poor quality.

I also noticed that for some reason it sometimes gets stuck at the very end of establishing an ipsec vpn. IKE log says it did everything vom p1 proposal negotiation over xauth to mode-config and the vpn should be established just forticllient does not finish it. I never found out why since there is no errors anywhere. (IPSec debugging is a pain in the *censored* anyways but that is not fortinet's fault - that's fail by design in ipsec).

Also FortiClient has the limit that it can only establish one vpn at the same time. If you need annother you have to disconnect the current one and connect the other.

FortiClient for Linux also still doesn't support IPSec vpn at all.

 

However the FGT do standard IPSec so you can use any ipsec client that can do the required ike version and proposals etc you need. We use the free IPSecuritas on several OSX Boxes without problems and  on Windows I also used the free shrew client. 

On Linux I also have it working using Strongswan.

So you are not chained to forticlient :)

Maybe the AnyConnect Client would work with FGT too?

 

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Labels
Top Kudoed Authors