Hi there;
We have deployed several FortiGate IPSec hardware boxes across 5 regions and more than 10 DCs.
The configuration procedure being supplied as a backup/restore into the official FortiGate client appears to be unusable across all three major platforms with the official client.
I.e., it appears to include Windows-specific secrets scripting and certificate store information.
Attempting to import/restore it into either the MacOSX or Linux FortiGate clients results in no population of the remote access selection that appears when testing with a privileged Windows 10 account. Also note that even our corporate Win10 image with default Group Security policy is unable to use the config.
The irony of needing an insecure privileged Windows 10 machine to administer a secure Linux cluster is not lost on me.
This is a major issue, and since this is a large deployment and the local FortiGate support personnel (which I believe are Singapore based; this project spans 5 countries in SE Asia) have been unable or unwilling to advise the local BUs on how to create platform-agnostic configuration examples, I am reaching out to the wider community here.
Having studied the XML format, there are several sections which are likely the problem. There appears to be a hashing/encoding scheme used to protect the user and pre-shared key sections. What is this? Since this is an IPSec firewall, knowing these values and what hash scheme is used by the FortiClient to read these would enable any IPSec client to be used in place.
The following screenshots show one of the suspect sections in the XML. However, removing these and other Windows-specific references does not resolve the non-population of the client in either MacOSX or Linux.
This is using version 6.xxxxx of the client (latest as of last week) on all platforms.
In your screenshot it was not clear on the sections, but can you remove the sections from the XML and retest?
PCNSE
NSE
StrongSwan
As mentioned in the original post, I edited out all the Windows-specific OS and references to cert store... No dice. Same behaviour. I think the export/import is broken generally across platforms.