DiNet
New Contributor

SSL-VPN and iOS issues

Hi,

I've got a weird issue at one of my client's sites. They finally moved from PPTP to SSL-VPN, and Androids/Windows work flawlessly. However, all iPads and iPhones are not able to connect via RDP with FortiClient. Anyone got any ideas? The worst part is I don't have any iOS device to actually test it from my office, but it would be awesome if someone had any pointers on what to look for when I go to the client to try fixing the issue.

1 Solution
volkovski
New Contributor III

Hello,

I'm currently facing probably the same issue. I found out that there is an iOS FortiClient, but it only works in "WEB MODE", i.e. you can only access web-based services. I don't know the reason why Fortinet does not support full access mode on iOS devices... probably due to the iOS kernel implementation. I've tried to connect via the Cisco AnyConnect client, but it does not work yet; I'm trying to figure out why...


DiNet

volkovski wrote:

Hello,

I'm currently facing probably the same issue. I found out that there is an iOS FortiClient, but it only works in "WEB MODE", i.e. you can only access web-based services. I don't know the reason why Fortinet does not support full access mode on iOS devices... probably due to the iOS kernel implementation. I've tried to connect via the Cisco AnyConnect client, but it does not work yet; I'm trying to figure out why...

Forgot to say thank you!

Reply was quoted in email notification.

Damn shame it works that way. Well, the absolutely worst part is that there is no red flag about that! As an outsource company I promised the client that everything would work perfectly and moved them from PPTP to SSL-VPN... Imagine my frustration when at least 60% of the company (~150 users) cannot use SSL-VPN from their iPads/iPhones...

emnoc
Esteemed Contributor III

Well, the absolutely worst part is that there is no red flag about that! As an outsource company I promised the client that everything would work perfectly and moved them from PPTP to SSL-VPN... Imagine my frustration when at least 60% of the company (~150 users) cannot use SSL-VPN from their iPads/iPhones...

That's why you have to read the notes and do a PoC (proof of concept). So here's your alternative: build a dialup access for the iPads/iPhones. You can use the same groups and have the same access, but just require these other devices to access via vpn-ipsec or vpn-ipsec-l2tp.

Now the only bad thing is the fact that configuration management could become slightly more tedious, but overall this is the only workable solution you have.

Another solution: use a Cisco device for WebVPN access. I've done that a dozen times now with ASA 5510s used in a corporate environment. The $price$ will be much higher than a FortiGate solution, but this is great if you have concerns over IPsec allowance from distant remote locations.

In one instance, we plugged in a Cisco ASA5510 with public access and port 443 mapped for WebVPN access and used this as our sole SSL VPN access gateway.

PCNSE 

NSE 

StrongSwan