Hello all,
FortiOS 7.2.4
EMS Server 7.0.7
FortiClient Enterprise on Android 7.0.7.0068
I have configured an IPSEC dial-up connection in EMS server. This works perfectly, but not "Auto Connect", "Save Password" and "Always Up".
After the IPSEC config was rolled out over EMS it works once; after disconnect all 3 options are gone and I must re-enter my password on every connection. The strange thing... I see that user and "password" are saved in the FortiClient.
The next strange thing... the options:
are not available anymore to configure... so where are they???
Only on EMS they are available, and yes I checked all boxes :)
Created on 03-13-2023 08:20 AM Edited on 03-13-2023 08:23 AM
Could now FINALLY solve it. Last problem was still this option:
set authusrgrp "vpn"
This gives me this strange login screen. I had to say "User Group Inherited from policy." After that it works normally.
And of course, in summary, a large part of the solution:
Unset the unity option, and afterwards you can set the password save options:
unset unity-support
set client-auto-negotiate enable
set save-password enable
set client-keep-alive enable
:)
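An added example, not part of the original post and not Fortinet code: a small Python check over an exported phase1-interface config that flags the two conditions this thread ran into on FortiOS 7.2.4. The sample config is constructed from the settings posted in the thread; the function names and the flagging rules are assumptions drawn from the poster's observations, not documented FortiOS behaviour.

```python
import shlex

CLIENT_OPTS = ("save-password", "client-auto-negotiate", "client-keep-alive")

# Constructed sample modelled on the two phase1 configs posted in this thread.
SAMPLE = '''
config vpn ipsec phase1-interface
    edit "testvpn1"
        set mode-cfg enable
        set authusrgrp "vpn"
        set save-password enable
        set client-auto-negotiate enable
        set client-keep-alive enable
    next
    edit "zuhause-IPSEC"
        set mode-cfg enable
        set unity-support disable
    next
end
'''

def parse_phase1(text):
    """Return {tunnel_name: {option: value}} from 'edit ... next' blocks."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] == "edit" and len(tok) > 1:
            current = tunnels.setdefault(tok[1], {})
        elif tok[0] == "next":
            current = None
        elif tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:])
    return tunnels

def audit(text):
    """Flag the conditions reported in the thread (observations, not vendor docs)."""
    findings = {}
    for name, opts in parse_phase1(text).items():
        missing = [o for o in CLIENT_OPTS if opts.get(o) != "enable"]
        notes = []
        if missing and opts.get("unity-support") == "disable":
            notes.append("unity-support disable; cannot set: " + ", ".join(missing))
        elif missing:
            notes.append("not enabled: " + ", ".join(missing))
        if "authusrgrp" in opts:
            notes.append("authusrgrp set on phase1; thread saw an extra login page")
        findings[name] = notes
    return findings
```

Calling `audit()` on the text of a config backup returns one list of notes per tunnel; an empty list means neither condition from the thread was found.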
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
Can you please confirm whether the options below are also enabled on the FGT side?
Please refer to the documentation below:
https://community.fortinet.com/t5/FortiClient/Technical-Tip-FortiClient-EMS-Auto-connect-a-VPN-Tunne...
If the above option is not available on the FGT side, I would suggest reporting a ticket to the FGT team with the valid FGT serial number.
Regards
Yes, I already knew the article. When I want to set this in the IPSEC, the FortiGate does not recognize it.
fw01 (zuhause-IPSEC) # set save-password enable
command parse error before 'save-password'
Command fail. Return code -61
Now I have created a new VPN with the wizard, and activated the options in the wizard. Then there is the option. Strange.
Are there any dependencies between the options? Here are my VPN configs. Here are both of my configs. The first is the newly created testvpn; the options are set there.
set type dynamic
set interface "wan1"
set mode aggressive
set peertype any
set net-device disable
set mode-cfg enable
set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
set comments "VPN: testvpn1 (Created by VPN wizard)"
set xauthtype auto
set authusrgrp "vpn"
set ipv4-start-ip 10.1.1.1
set ipv4-end-ip 10.1.1.5
set dns-mode auto
set save-password enable
set client-auto-negotiate enable
set client-keep-alive enable
The second one is my real config; there it is not possible to set "save-password" or "keep-alive".
set type dynamic
set interface "wan1"
set peertype any
set net-device enable
set mode-cfg enable
set ipv4-dns-server1 192.168.1.1
set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
set dpd on-idle
set comments "zuhause-IPSEC"
set xauthtype auto
set assign-ip-from name
set ipv4-split-include "secure-surf-routing"
set ipv4-name "IPSEC_TUNNEL_ADDR1"
set unity-support disable
set dpd-retrycount 10
set dpd-retryinterval 60
And again one step further.
To blame was the option: unity-support disable
No idea what this does. But if I throw this option out, the other options can be set successfully.
Now I see on my Android and Windows 11 (yes, I also tested it with Windows) the options for save password, keep alive and autoconnect. But now the next strange thing: after I connected to the VPN successfully, I get a special auth from the FortiGate in the web browser... WTF
The same on Android... does anyone have an idea?