Hi all, I can't find any docs, just an old thread in this forum that has a link which is no longer valid. Is it possible to do an on-demand SSL-based VPN from iOS devices to FortiGate? We're deploying a self-hosted chat system with external access accomplished through an Apache reverse proxy using client certificates to auth. Unfortunately, on iOS a client certificate is stupidly only accessible to apps written by Apple, so the messaging client can't talk to the internal server unless a formal IPsec VPN session is established, which is too cumbersome on a mobile device. Safari can make the connection successfully, but that doesn't offer our users the same feature set.
I was hoping there's a way to use native methods, or FortiClient, to do a transparent certificate-authenticated VPN so the chat client can connect? It would be a specific domain name used, not an IP address, so it could trigger off that. I see references to products from F5 seeming to support such a setup on iOS but can't find anything for FortiGate.
Thanks
Hi we are going through the same setup. Did you ever find a solution?
Ended up with OpenVPN instead of FortiGate. OpenVPN, via a pfSense appliance, made it easy to deploy a solution with certificate authority/management and VPN + firewall all in one place, and the OpenVPN client on iOS is great. So what we do is issue certs to users, generate an OpenVPN bundle file for them, get it onto their device securely, import it, and it includes a pushed /32 IPv4 and /128 IPv6 route for the IP address of the internal system we want to have the one app accessing. When that app is opened, iOS + OpenVPN transparently connects and authenticates with the cert. What doesn't work are push notifications in the reverse direction, to an app that is not running in the foreground, because Apple refuses to allow for an always-on VPN even with background app refresh on the app making use of the VPN. I believe the only way around that would be full mobile device management, which means taking over your users' devices with enterprise management after a factory reset, which isn't practical unless you have users that are willing to use corporate devices for personal use, give up all control over their personal devices, or carry two phones.
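For anyone landing here from search, the pieces of the design in the reply above (per-user cert bundle, server-pushed /32 and /128 routes, iOS on-demand connection triggered by the chat server's domain name) scripted out. This is an added example, not the poster's code or anything from OpenVPN or pfSense. Host names, addresses, payload identifiers and the PEM bodies are constructed placeholders, and two details are assumptions to check against the OpenVPN Connect documentation before use: that the VPN payload's VPNSubType for OpenVPN Connect is `net.openvpn.connect.app` and that the bundle text is handed over under the `ovpn` key of VendorConfig. The `on_demand_action` helper is a simplified model of how the profile's own domain rule is matched, not Apple's implementation.

```python
"""Added example (not from the forum thread): the OpenVPN + iOS on-demand
design described above, as a practitioner would script it.
Host names, addresses, identifiers and PEM bodies are constructed placeholders."""
import ipaddress
import plistlib
import uuid

# Constructed placeholder PEM bodies. A real bundle embeds your own CA and
# the per-user certificate and key that CA issued.
CA_PEM = "-----BEGIN CERTIFICATE-----\nPLACEHOLDERCA\n-----END CERTIFICATE-----"
CERT_PEM = "-----BEGIN CERTIFICATE-----\nPLACEHOLDERUSER\n-----END CERTIFICATE-----"
KEY_PEM = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDERKEY\n-----END PRIVATE KEY-----"


def server_push_lines(ipv4_host, ipv6_host):
    """Server-side 'push' directives exposing exactly one internal host
    (a /32 and a /128), as the reply describes; refuses anything wider."""
    v4 = ipaddress.ip_network(ipv4_host, strict=True)
    v6 = ipaddress.ip_network(ipv6_host, strict=True)
    if v4.version != 4 or v4.prefixlen != 32:
        raise ValueError("expected a single IPv4 host (/32)")
    if v6.version != 6 or v6.prefixlen != 128:
        raise ValueError("expected a single IPv6 host (/128)")
    return [
        f'push "route {v4.network_address} 255.255.255.255"',
        f'push "route-ipv6 {v6.network_address}/128"',
    ]


def build_ovpn(remote_host, port=1194):
    """Per-user client bundle with CA, certificate and key inline.
    No route lines here: the server pushes them."""
    lines = [
        "client",
        "dev tun",
        "proto udp",
        f"remote {remote_host} {port}",
        "remote-cert-tls server",            # reject peers lacking the server EKU
        f"verify-x509-name {remote_host} name",
        "tls-version-min 1.2",
        "cipher AES-256-GCM",
        "<ca>", CA_PEM, "</ca>",
        "<cert>", CERT_PEM, "</cert>",
        "<key>", KEY_PEM, "</key>",
    ]
    return "\n".join(lines) + "\n"


def build_mobileconfig(name, ovpn_text, trigger_domains, remote_host):
    """Apple configuration profile (as a dict) that hands the bundle to
    OpenVPN Connect and enables on-demand connection for the given domains.
    Assumptions: VPNSubType 'net.openvpn.connect.app' and the 'ovpn'
    VendorConfig key are what OpenVPN Connect expects; verify against its docs."""
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.vpn.chat",      # constructed
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "UserDefinedName": name,
        "VPNType": "VPN",
        "VPNSubType": "net.openvpn.connect.app",          # assumption
        "VendorConfig": {"ovpn": ovpn_text},              # assumption
        "VPN": {"RemoteAddress": remote_host,
                "AuthenticationMethod": "Certificate"},
        "OnDemandEnabled": 1,
        # One EvaluateConnection rule: only lookups for these domains start
        # the tunnel, so the chat app triggers it and nothing else does.
        "OnDemandRules": [{
            "Action": "EvaluateConnection",
            "ActionParameters": [{
                "Domains": list(trigger_domains),
                "DomainAction": "ConnectIfNeeded",
            }],
        }],
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.profile.chat-vpn",  # constructed
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "PayloadContent": [vpn_payload],
    }


def to_plist_bytes(profile):
    """Serialise the profile to the XML plist that iOS installs."""
    return plistlib.dumps(profile)


def on_demand_action(rules, hostname):
    """Simplified evaluator of the rule list above (not Apple's code):
    a listed domain matches itself and any subdomain, case-insensitively."""
    host = hostname.lower().rstrip(".")
    for rule in rules:
        if rule.get("Action") != "EvaluateConnection":
            return rule.get("Action")
        for param in rule.get("ActionParameters", []):
            for dom in param["Domains"]:
                d = dom.lower().lstrip("*.").rstrip(".")
                if host == d or host.endswith("." + d):
                    return param["DomainAction"]
        return None   # nothing matched: the tunnel stays down
    return None


if __name__ == "__main__":
    ovpn = build_ovpn("vpn.example.com")
    profile = build_mobileconfig("Chat VPN", ovpn,
                                 ["chat.internal.example.com"], "vpn.example.com")
    with open("chat-vpn.mobileconfig", "wb") as fh:
        fh.write(to_plist_bytes(profile))
    print("\n".join(server_push_lines("10.10.0.5/32", "fd00:10::5/128")))
```

The point of the /32 and /128 check is the same one the reply makes implicitly: the tunnel should carry traffic for the one internal host and nothing else, so a typo that widens the pushed route to a whole subnet is refused rather than silently exposing it. The profile needs certificate authentication with no interactive prompt, otherwise iOS will not bring the tunnel up on demand; and, as the reply notes, this still does nothing for push notifications to a backgrounded app.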
Copyright 2024 Fortinet, Inc. All Rights Reserved.