Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Uwe_Sommerfeld
New Contributor

Forticlient EMS 1.2: unable to define an IPSEC VPN without xauth user prompt

Hi everyone,

 

I need to use an IPSEC VPN connection for automatic dial-in using (machine) certificates. This used to work in EMS 1.0.5 using an XML configuration that disables xauth.

However the xml parser in EMS 1.2 seems to always add

<xauth>

<enabled>1</enabled> 

and

<username></username>

 

I tried to implement a dummy xauth user as a workaround but the username gets deleted as well.

 

So I am stuck here with no more working VPN connection and it seems I need a downgrade. However I need to use compliance as well which did not seem to work with EMS 1.0.5.

 

Any ideas?

 

Uwe

 

2 REPLIES 2
ergotherego
Contributor II

There is a bug in the XML parser in EMS 1.2 - its in the release notes under known issues. It screws up some other things as well, like the port to use in the remote gateway for SSLVPN.

 

You can try to push it to a client anyway, and see what settings they actually receive. TAC told me that it should be limited to the XML parser only, and not actually affect the settings pushed.

Uwe_Sommerfeld

Yeah well I tested this and my Settings are never pushed though. So EMS 1.2 is unusable for me.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors