Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Michael_Camp
New Contributor

Created on ‎08-23-2024 07:55 AM

JSON for deploying a Managed configuration Forticlient VPN to Chrome Devices in Google Workspace

We are deploying Forticlient VPN ver: 7.2.4.0138 to about 400+ Chromebooks and Chromeboxes.

We are trying to push out a Managed configuration with the deployment from Google Workspace.

The managed configuration requires a JSON file. We can find no reference for field/key names required for this nor what fields/keys absolutely have to be present for it to work. We have experimented with field/key names based on an export of a forticlient vpn from a windows machine with no success. We continue to receive the following error on our chrome devices. "Discarding policy for component app:com.fortinet.forticlient_vpn due to data validation failure: The JSON blob dictionary value doesn't contain the required Value field" 

 

The client deploys without issue, the actual VPN works without issue when manually configured. We are not Fortinet customers, we have a 3rd party vendor who provides the VPN but has refused to help with the JSON configuration. Can anyone provide a reference/document that would contain the needed fields/keys? or Perhaps give a sample working JSON that we could modify for our own situation? If we could just get the JSON file to create the basics we could experiment/add from there.

The below is a variant of what we have tried, with many different variations for each(all giving the error listed above):

 

{
"Value": {
"vpn": {
"DisplayName": "Our Company VPN",
"VpnType": "SSL",
"Host": "remote.ourcompany.com",
"Port": 443
}
}
}

 

 

Labels:
1381
0 Kudos
5 REPLIES 5
travisa
New Contributor

Created on ‎08-24-2024 12:27 PM Edited on ‎08-24-2024 12:32 PM

@Michael_Camp wrote:

We are deploying Forticlient VPN ver: 7.2.4.0138 to about 400+ Chromebooks and Chromeboxes.

We are trying to push out a Managed configuration with the deployment from Google Workspace.

The managed configuration requires a JSON file. We can find no reference for field/key names required for this nor what fields/keys absolutely have to be present for it to work. We have experimented with field/key names based on an export of a forticlient vpn from a windows machine with no success. We continue to receive the following error on our chrome devices. "Discarding policy for component app:com.fortinet.forticlient_vpn due to data validation failure: The JSON blob dictionary value doesn't contain the required Value field"  

 

The client deploys without issue, the actual VPN works without issue when manually configured. We are not Fortinet customers, we have a 3rd party vendor who provides the VPN but has refused to help with the JSON configuration. Can anyone provide a reference/document that would contain the needed fields/keys? or Perhaps give a sample working JSON that we could modify for our own situation? If we could just get the JSON file to create the basics we could experiment/add from there. urdu novels pdf download

The below is a variant of what we have tried, with many different variations for each(all giving the error listed above):

 

{
"Value": {
"vpn": {
"DisplayName": "Our Company VPN",
"VpnType": "SSL",
"Host": "remote.ourcompany.com",
"Port": 443
}
}
}

 

 

It seems like the JSON configuration you’re using is missing some required fields or might be incorrectly structured. The error indicates that the JSON blob doesn't contain the necessary "Value" field for the Forticlient VPN.

To resolve this, you can use a sample JSON configuration structure that aligns with what Google Workspace requires for deploying managed configurations.

1334
0 Kudos
Michael_Camp
New Contributor
In response to travisa

Created on ‎08-26-2024 09:29 AM

Thank you for your response. I don't think this is a Google Workspace requirement issue. I know with the other apps we push out, the JSON keys/parameters are clearly defined in the documentation for those apps. For example our JSON file for Zoom is as follows: { "AutoLoginWithChromeBookUserAccount": true } . That is the simplest one, some are more complex but there are no over arching requirements other than to be in JSON format. So compared to other apps we push out, the keys/paramaters/requirements will be determined by forticlient_vpn ... which I can find no documentation for. 

 

1271
0 Kudos
Jakob-AHHG
Contributor II

Created on ‎08-26-2024 11:52 AM

Not sure if it helps, but here is the XML version of our working setup::

 

<?xml version='1.0' encoding='utf-8'?>
<sslvpn-tunnel ver='2' dtls='1' patch='1'>
<dtls-config ver='2' heartbeat-interval='10' heartbeat-fail-count='10' heartbeat-idle-timeout='10' client-hello-timeout='10' />
<tunnel-method value='ppp' />
<tunnel-method value='tun' />
<tunnel-method value='websocket' />
<auth-ses check-src-ip='1' tun-connect-without-reauth='0' tun-user-ses-timeout='30' />
<client-config save-password='on' keep-alive='on' auto-connect='on' />
<ipv4>
   <split-dns domains='domain-one.com,domain-two.dk' dnsserver1='ip-of-dnsserver1' dnsserver2='ip-of-dnsserver2' />
   <dns domain='domain-one.com;domain-two.dk' />
   <dns ip='ip-of-dnsserver1' />
   <dns ip='ip-of-dnsserver2' />
   <assigned-addr ipv4='10.10.2.151' />
      <split-tunnel-info>
      <addr ip='10.0.0.0' mask='255.0.0.0' />
      <addr ip='172.16.0.0' mask='255.240.0.0' />
      <addr ip='192.168.0.0' mask='255.255.0.0' />
      <addr ip='185.17.194.50' mask='255.255.255.255' />
   </split-tunnel-info>
</ipv4>
<idle-timeout val='0' />
<auth-timeout val='28800' />
</sslvpn-tunnel>

 

See if you can convert those field/keys to JSON..? 

I think split-tunnel-info is pushed from the FG, but not sure.. it's routes from the policy the user is a member of.

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
1254
0 Kudos
kiranmayi
New Contributor

Created on ‎01-16-2025 11:12 PM

Hi @Jakob , I am also facing the same issue. While we can successfully create and deploy the EMS configuration, we encounter problems with SSL pre-configuration. The VPN application installs correctly, but the settings are not pre-configured. Could you please provide the JSON required for managing the configuration for VPN type SSL?

492
0 Kudos
Jakob-AHHG
Contributor II
In response to kiranmayi

Created on ‎01-17-2025 12:25 AM

I have not had time/focus on trying this out, so if anyone plays around with the XML data and get a working JSON, please share.

Jakob Peterhänsel,
IT System Admin,
Arp-Hansen Hotrel Group A/S, Copenhagen, DK
Jakob Peterhänsel,IT System Admin,Arp-Hansen Hotrel Group A/S, Copenhagen, DK
486
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.