Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kfaebu
New Contributor II

Question: SSLVPN prelogon maschine cert + ad user Fortios/ForticlientEMS

 

I currently have the following scenario.

FortiOS and FortiClient EMS in use.

 

Customer XY wants to replace his Always-ON VPN with Forticlient EMS.

 

It should be possible to log in via machine certificate and LDAP user via prelogon if off-fabric and log in directly to the VPN and PC.

 

For this I would import the usergroup (which are used for logging on to the client) from the AD. For the machine certificate I only have to import the root CA and server certificate on the Forti (as far as I know). And require Client certificate to be activated in the SSL VPN settings.

 

Regarding the EMS configuration, I have only activated Pre Logon and activated Require Certificate in the Remote Access profile.

 

Do I have to consider anything else for this?

 

Many thanks for the upcoming inputs

FortiClient FortiGate 

"Life would be so much easier if we only had the source code."
"Life would be so much easier if we only had the source code."
1 REPLY 1
Mrinmoy
Staff
Staff
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors