Hi everyone!
I'm a bit confused about per-machine VPN and the <machine> tag in the FortiClient configuration. Let me explain a bit what I will do.
I will auto-connect a VPN before logon (and keep it active) when I'm off-fabric (test by pinging an on-fabric device). I set a couple of options and, as I can see, my VPN auto-connects correctly before logon without the <machine> tag enabled.
I have in my VPN XML:
<keep_running>1</keep_running>
<show_vpn_before_logon>1</show_vpn_before_logon>
<on_os_start_connect>MY VPN</on_os_start_connect>
<on_os_start_connect_has_priority>1</on_os_start_connect_has_priority>
<autoconnect_tunnel>MY VPN</autoconnect_tunnel>
<autoconnect_only_when_offnet>1</autoconnect_only_when_offnet>
With and without the <machine> tag, the behavior is the same.
So what is the use of this tag, and in this case what is the correct configuration?
Many thanks for your help!
To be more precise, my question is: what is the correct configuration to add an always-on, machine (before login) VPN with auto-connect when off-fabric?
autoconnect_tunnel with autoconnect_only_when_offnet works fine together, but what happens if the machine flag is set to 1? It's a bit confusing for me...
In the documentation, with on_os_start_connect I must enable <machine>. But in fact, with the <machine> tag set to 0 the behavior is better:
1) VPN connects before logon more quickly
2) VPN re-connects correctly after power-saving
Please could you help me?