I need to set up VPN connections to multiple VMs dependent on whether or not clients connecting to said VMs are eligible for a connection (valid license).
Plus a system to automatically set up a new connection when a new user pays for the service.
The payment and license check is supposed to be handled by a different system (possibly an authentication server), and the FortiGate should get info about which user is eligible or not and whether a new user came to the system, and act accordingly.
I work for a SaaS company (a subscription management services providing company). NetMotion Mobility is a good option if you want an always-on VPN with minimal fuss. Their customer service is excellent, and they will go out of their way to assist you in getting up and running.
I have been using FortiClient EMS since it was released, and it is not a high-quality product in my opinion. It appears that every version has some sort of issue. Right now, 6.2.6 and 6.2.7 are working fine. 6.4.0 has a slew of documented flaws.
Right now, I'm experimenting with IPSec and computer certificates to see if always-on is doable. It works with the user certificate after the user logs in. I'm currently testing the computer certificate to see whether it can connect before the user logs on. I'm aware that it's possible to do so using an SSL VPN. It all depends on what you're looking for in an au pair.
Prior to Mobility v11.73 and v12.02, attackers with access to the Mobility web server, which hosts the Mobility management console and some inter-server communications processes, could take advantage of Java deserialization vulnerabilities. Successful exploitation results in remote code execution with system privileges without prior authentication. Customers who have followed NetMotion’s recommendations for secure deployment are only vulnerable to this attack from inside their protected network where the Mobility web server is deployed.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.