I recently upgraded my Fortigate to Firmware 6.2. The first thing I noticed was that my older 6.0.4 Forticlient version would no longer connect using its IPSEC VPN profile. After a call with Fortinet support they concluded that only the new Forticlient version 6.2 would work with FG 6.2. This indeed does seem to be the case.
This gets me to my current issue: The “Enable VPN before logon” option has been removed from 6.2. This setting is a major ‘bread and butter’ setting enabling remote users to do proper domain logins from remote and apply Group Policies etc. I raised this with Fortinet support who confirmed the feature had been removed:
I would like to mention that starting with FCT 6.2.0 many things have changed. Free Forticlient 6.2.0 comes with basic and limited VPN functionality, and if you want to use the full functionality of 6.2.0, EMS licenses have to be procured.
Please refer to the FCT compatibility guide below for your reference.
They said that was final and to get in contact with Fortinet Sales.
Note: I use the free license for Forticlient just needing to use VPN functionality.
I have been desperately trying to figure out alternatives such as:
L2TP Windows native – This works with enable before logon but has limitations as well as FG authentication issues, meaning users don’t get authenticated to IPv4 policies – Ongoing ticket with Fortinet support
A 3rd Party VPN client connecting to FG via SSL VPN – I thought I could get OpenVPN client connecting but this doesn’t appear to work
I have now gone full circle and am re-investigating the Forticlient. I noticed when backing up the config and opening it with Notepad++ there is an option <show_vpn_before_logon>. If I change this to “1” and then import the config, this doesn’t appear to have any effect on the Forticlient/Windows shell config.
It appears Fortinet have done everything in their power to make the free version useless.
Am I flogging a dead horse? I just can’t believe removing this Windows logon feature wouldn’t cause a major backlash from the Forticlient customer base. If I have no alternative but to spend more money, what is the minimum product/license I need to purchase?