I currently have the following scenario.
FortiOS and FortiClient EMS in use.
Customer XY wants to replace his Always-ON VPN with FortiClient EMS.
It should be possible to log in via machine certificate and LDAP user via prelogon if off-fabric and log in directly to the VPN and PC.
For this I would import the user group (which is used for logging on to the client) from the AD. For the machine certificate I only have to import the root CA and server certificate on the Forti (as far as I know), and activate Require Client Certificate in the SSL VPN settings.
Regarding the EMS configuration, I have only activated Pre Logon and activated Require Certificate in the Remote Access profile.
Do I have to consider anything else for this?
Many thanks for the upcoming inputs.

Hope you will get all the steps here:
https://docs.fortinet.com/document/forticlient/7.2.4/administration-guide/505235/appendix-f-ssl-vpn-...
Copyright 2025 Fortinet, Inc. All Rights Reserved.