RichV
New Contributor II

FortiGate 6.4 Web VPN and RDP

Hello,

We installed a FortiGate 100F at a new site of ours. They are coming from SonicWall and had used the SMA with Web VPN. However, the SMA allowed the use of RDP when using the Web VPN, while it looks like Fortinet uses HTML 5 only. Is there any way other than Tunnel Mode to use the RDP Client when logging in via the Web Portal? The end users do not like using the HTML Client to RDP into their onsite workstations.

 

Background:

Currently the end users, when working from home, use personal PCs (not company owned) and RDP into the company desktop they use. This is why I do not want to use tunnel mode and install the FortiClient on their PCs. I know I can create policies to only allow RDP over the client, but there is still the mess of installing the client on their personal device. We do plan on moving them over to company-owned laptops so we can control updates and antivirus/antimalware. However, until this happens I would like to see if there is any possibility to use the RDP Client over the Web Portal.

Sachin_Alex_Cherian_

Hi,

When using SSL VPN you can connect either using web mode or the tunnel mode options in FGT. The web mode does not require you to use the client.

The RDP connection is expected to work over web mode as well.

You can either have a bookmark added or have a Quick connection created for the RDP once you connect over web mode. An example is explained below:

https://docs.fortinet.com/document/fortigate/6.4.8/administration-guide/763614/quick-connection-tool

 

A bookmark would need configuration as below to be done on the FG side:

config vpn ssl web portal
    edit "my-web-portal"
        set web-mode enable
        config bookmark-group
            edit "gui-bookmarks"
                config bookmarks
                    edit "Windows Server"
                        set apptype rdp
                        set host "192.168.1.114"
                        set port 3389
                        set logon-user "your-windows-server-user-name"
                        set logon-password your-windows-server-password
                    next
                end
            next
        end
    next
end

 

Regards,
Sachin.
RichV

Yes, when in Web Mode the RDP service does work and a connection is created in the web browser. What we would like to do is use the Web Mode but allow the RDP Client to make the connection to the PC or server. This works with SonicWall SMA, but I cannot do this in the Fortinet.

Sachin_Alex_Cherian_

If you want to use the native RDP client on the local machine you have to use the tunnel mode option. Using web mode, you might not be able to do the same.

Regards,
Sachin.
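
Added example, not part of the thread and not Fortinet's own configuration: one way to set up the tunnel-mode option mentioned above so that the VPN carries only RDP to the office workstations, which limits what an unmanaged personal PC can reach. The portal, user group and address object names and the subnet are assumptions; the interface names `ssl.root` and `internal` and the pool `SSLVPN_TUNNEL_ADDR1` must match the local setup.

```fortios
# Constructed example; object names and the subnet are placeholders.
config firewall address
    edit "Office_Workstations"
        set subnet 192.168.1.0 255.255.255.0
    next
end

# Tunnel-only portal: web mode off, split tunnel limited to the workstation subnet.
config vpn ssl web portal
    edit "rdp-only-tunnel"
        set tunnel-mode enable
        set web-mode disable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set split-tunneling enable
        set split-tunneling-routing-address "Office_Workstations"
    next
end

# Map the remote-user group to that portal (use an unused rule id).
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "Remote-RDP-Users"
            set portal "rdp-only-tunnel"
        next
    end
end

# Only RDP is allowed from the tunnel to the workstations; everything else
# from ssl.root hits the implicit deny. Log all sessions for review.
config firewall policy
    edit 0
        set name "sslvpn-rdp-only"
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "Office_Workstations"
        set groups "Remote-RDP-Users"
        set action accept
        set schedule "always"
        set service "RDP"
        set logtraffic all
    next
end
```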