Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Chuck_Whiteley_III
New Contributor

FortiClient for VPN Question / Licensing

I' m pretty new to the Fortinet product line and we just purchased a Fortigate 800C. I found it very easy to setup the VPN and use the FortiClient to connect. Working great! I log into the console to find out that I only have 10 licenses for the FortiClient. I' m guessing that is the default setting. I only have the VPN portion of the client turned on. When I wrote support, they said I have to buy licenses for the client. I read somewhere that you don' t have to buy licenses if you' re only using the VPN portion. I' m not sure who to believe. If I have to buy licenses, I guess I will try to setup the VPN to work with the native VPN client within Windows although it looks kind of cumbersome. Any insight would be appreciated. Thank you in advance, Chuck
9 REPLIES 9
Fullmoon
Contributor III

fortigate has bundle 10 free licenses for forticlient, if you go beyond 10 then you must pay it. one way for you to have unlimited vpn connections is by using ssl vpn,it is a browser based,agent less and easy to handle. :)

Fortigate Newbie

Fortigate Newbie
emnoc
Esteemed Contributor III

fwiw; if all you need is the vpn portion & if you have microsoft L2TP supported clients like winows7/8 , vista or even macosx. Then L2TP/ipsec setup is not cumbersome and doe not require any 3rd party software installation. The third benefit, most Android/iOS devices has L2TP support. So you can easily build a profile that supports most BYODs & with one easy vpn configuration & you don' t have to install any additional client side software imho.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Baptiste
Contributor II

If you just want to connect a VPN , you can also use sslvpnclient (exe or msi), which is free and unlimited. You' ll find it in a sub-directory of FortiOS ( on Fortinet FTP)

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
adnan_sabir

do we also need liscense for site to site vpn...

Carl_Wallmark

To summarize this:

 

VPN on a FortiGate is free.

Both SSLVPN and IPSEC (dialup or site-to-site).

 

You don´t pay for the VPN part, but for webfiltering, application control, AV etc...

 

You can check it out here: http://www.forticlient.com

 

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
adnan_sabir

my license is expired so it is showing 1/10 available forticlient.. i just wanted to confirm that we don not need any license for site to site vpn on fortigate ?

 

Carl_Wallmark

no you don´t.

 

You can hook up FortiClient to your FortiGate and do "compliance" checks, and there you need to pay for a license if you are going above 10 clients, but it has nothing to do with the VPN part.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Jim_FH
New Contributor III

I just went through this with my Fortigates.

 

As I understand it, the initial free 10 clients are for forticlients that you manage from the fortigate.  The clients register to the 'gate and you can set different options for them (AV, Web Filter, App Control), enforce compliance, etc.

 

If you don't plan on using the 'gate to manage the clients, you can connect as many clients as you want (up to the box's capacity, of course.)

 

So it's "free" for basic RA connectivity, licensed if you want the cool bells & whistles that come with the ability to manage the clients.

Jan_1966

All,

 

I think I found the solution for my problem. The VPN tunnel name is limeted to 15 Characters and each remote access gets a number. Since my tunnel interface is already 13 Characters adding the sequence number _0 makes it 15. So I can't go beyond Tunnel_name_9 as the _10 makes it 16 Characters.

 

I think I need to recreate the tunnel with a bit shorter name.

 

Thanks All

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors