I currently have the following scenario.
FortiOS and FortiClient EMS in use.
Customer XY wants to replace his Always-ON VPN with FortiClient EMS.
It should be possible to log in via machine certificate and LDAP user via prelogon if off-fabric and log in directly to the VPN and PC.
For this I would import the user group (which is used for logging on to the client) from the AD. For the machine certificate I only have to import the root CA and server certificate on the Forti (as far as I know), and Require Client Certificate has to be activated in the SSL VPN settings.
Regarding the EMS configuration, I have only activated Pre Logon and activated Require Certificate in the Remote Access profile.
Do I have to consider anything else for this?
Many thanks for the upcoming inputs
Hope you will get all the steps here
https://docs.fortinet.com/document/forticlient/7.2.4/administration-guide/505235/appendix-f-ssl-vpn-...
Copyright 2024 Fortinet, Inc. All Rights Reserved.