jpauling
New Contributor

FortiClient configurations are exported and unusable across platforms

Hi there;

 

We have deployed several FortiGate IPSec hardware boxes across 5 regions and more than 10 DCs.

 

The configuration procedure being supplied as a backup/restore into the official FortiGate client appears to be unusable across all three major platforms with the official client.

 

I.e., it appears to include Windows-specific secrets scripting and certificate store information.

 

Attempting to import/restore it into either the MacOSX or Linux FortiGate clients results in no population of remote access selection that appears when testing with a privileged Windows 10 account. Also note that even our corporate Win10 image with default Group Security policy is unable to use the config.

 

The irony of needing an insecure privileged Windows 10 machine to administer a secure Linux cluster is not lost on me.

 

This is a major issue, and since this is a large deployment and the local FortiGate support personnel (which I believe are Singapore based; this project spans 5 countries in SE Asia) have been unable or unwilling to advise the local BUs on how to create platform-agnostic configuration examples, I am reaching out to the wider community here.

 

Having studied the XML format, there are several sections which are likely the problem. There appears to be a hashing/encoding scheme used to protect the user and pre-shared key sections. What is this? Since this is an IPSec firewall, knowing these values and what hash scheme is used by the FortiClient to read these would enable any IPSec client to be used in place.

 

The following screenshots show one of the suspect sections in the XML. However, removing these and other Windows-specific references does not resolve the non-population of the client in either MacOSX or Linux.

3 REPLIES
jpauling
New Contributor

This is using version 6.xxxxx of the client (latest as of last week) on all platforms.

emnoc
Esteemed Contributor III

In your screenshot it was not clear on the sections, but can you remove the sections from the XML and retest?

PCNSE NSE StrongSwan
jpauling
New Contributor

As mentioned in the original post, I edited out all the Windows-specific OS and references to cert store... No dice. Same behaviour. I think the export/import is broken generally across platforms.
