Hello to you all,
Hopefully someone can help me with the following problem. We have a 1500D as central Firewall. Because of the high costs of buying the full set of licenses for the 1500D when we only need 500 forticlients we have bought a Fortigate VM with forticlient licenses. Now we want all the clients to register to the Fortigate VM and not the Fortigate 1500D.
We use DHCP option 224 with the serial number of the Fortigate VM. When installed the XML sets the location of the Fortigate VM. But when there is a new installation without the XML for example on a mac based workstation. The client cannot find the Fortigate VM for registering and retrieve profiles. Normaly you would enable Broadcast Forticlient settings on the interfaces on the corporate network. This is not possible because the 1500D doesn't have licenses to register and that is de gateway for all the segments.
So the question is simple. Is there a way to broadcast the Fortigate VM forticlient endpoint registration point and not the 1500D?
Thanks in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
One way to achieve this will be to create a custom FortiClient XML configuration file, which does not have to be large or complex, and include it in a custom FortiClient package using the FortiClient Repackager. The process is described in the FortiClient Admin Guide.
The custom FortiClient configuration file should contain the IP address of the FortiGate VM to register to in the <fortigates> element. The FortiClient installer created could then be used for new installations. You can also configure <silent_registration> to have FortiClient automatically register after a successful installation.
It seems you already have something similar to this for FortiClient on Windows. It is more or less the same for Mac OS X. You can reuse the same XML configuration file. The Repackager is included in the FortiClientTools tar file, available for download from the Fortinet support site.
kolawale_FTNT wrote:One way to achieve this will be to create a custom FortiClient XML configuration file, which does not have to be large or complex, and include it in a custom FortiClient package using the FortiClient Repackager. The process is described in the FortiClient Admin Guide.
The custom FortiClient configuration file should contain the IP address of the FortiGate VM to register to in the <fortigates> element. The FortiClient installer created could then be used for new installations. You can also configure <silent_registration> to have FortiClient automatically register after a successful installation.
It seems you already have something similar to this for FortiClient on Windows. It is more or less the same for Mac OS X. You can reuse the same XML configuration file. The Repackager is included in the FortiClientTools tar file, available for download from the Fortinet support site.
We have build a XML file for the Windows Client's but the MAC client's don't register with the same XML file and the MAC client.
There is no possiblilty for broadcasting the correct Fortigate on to the different segments?
In the XML file for example:
<endpoint>
<fortigates> <fortigate> <serial_number></serial_number> <name></name> <registration_password>111111</registration_password> <addresses>x.x.x.x:8010</addresses> </fortigate> </fortigates>
<silent_registration>1</silent_registration>
</endpoint>
Using this XML on the repackager of MAC, I created a .dmg and upon installation, FCT MAC was register to the FGT.
Chris.Lin wrote:In the XML file for example:
<endpoint>
<fortigates> <fortigate> <serial_number></serial_number> <name></name> <registration_password>111111</registration_password> <addresses>x.x.x.x:8010</addresses> </fortigate> </fortigates>
<silent_registration>1</silent_registration>
</endpoint>
Using this XML on the repackager of MAC, I created a .dmg and upon installation, FCT MAC was register to the FGT.
We have the same configuration and the client still doesn't register after install. Parts of the XML are used because that parts are visible in the FortiClient but register won't work.
Sorry, premature submit....
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1519 | |
1019 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.