Where to set script on Fortigate firewall for SSL VPN to map network drive on connect?

JayL · ‎09-02-2019

I know I can export the Forticlient configuration, edit it and then restore it that way. But when you have a lot of VPN users that's just not practical. Is there a way that when users connect to the Fortigate firewall using Forticlient VPN, the firewall tells the client to run a script like mapping network drive etc? I did quite some google search but couldn't find the right answer. Thanks.

JayL · ‎09-12-2019

No suggestions after a week. I guess it's a no then. Hope they can add this feature in the future.

Dave_Hall · ‎09-12-2019

A google search seems to imply the following link....

Mapping a network drive after tunnel connection

The script maps a network drive and copies some files after the tunnel is connected.

<on_connect>

<os>windows</os>

<![CDATA[

net use x: \\192.168.10.3\ftpshare /user:Honey Boo Boo

md c:\test

copy x:\PDF\*.* c:\test

]]>

</script>

</on_connect>

Also check out the full XML Reference scripting section.

YMMV.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

JayL · ‎09-13-2019

Dave Hall wrote:
A google search seems to imply the following link....

Mapping a network drive after tunnel connection
The script maps a network drive and copies some files after the tunnel is connected.
<on_connect><script><os>windows</os><script><script><![CDATA[net use x: \\192.168.10.3\ftpshare /user:Honey Boo Boomd c:\testcopy x:\PDF\*.* c:\test]]></script></script></script></on_connect>
Also check out the full XML Reference scripting section.

YMMV.

Hi Dave, thanks for the reply. But my question is really how to deploy the scripts centrally when you have hundreds of clients. I already know how to make the script, I also know how to do it on each individual client. But I want to find a way that you set up the script on the firewall and the client gets the script when they connect.

Found an answer in the other thread someone mentioned the FortiClient Configurator Tool which can make a customized MSI installation file. It will archive what I want to do although not ideal, plus it requires license which means more cost.

emnoc · ‎09-13-2019

Nothing free , vendors has to make money. The other option is to run a power-shell script on boot up that pulls in the cfg. This would doable depending on how crafty your win-AD team members are.

Ken Felix

PCNSE

NSE

StrongSwan

JayL · ‎09-16-2019

emnoc wrote:
Nothing free , vendors has to make money. The other option is to run a power-shell script on boot up that pulls in the cfg. This would doable depending on how crafty your win-AD team members are.

Ken Felix

I agree they need to make money. But to require license on a tool like this is like nickel and dime.

Kenundrum · ‎09-16-2019

This is a function that is directly integrated into Forticlient EMS. I know- it's another license, but it's relatively inexpensive and is way more convenient for managing forticlient configurations.

CISSP, NSE4

Elthon_Abreu · ‎09-18-2019

JayL,

I had the same need and I solved my problem with persistent mapping on my AD Mapping GPO. So when my users connect to my VPN the map driver will be available. Any other solution, probably, willl require investments.

Kind regards,

Elthon Abreu FCNSA v5

JayL · ‎09-18-2019

elthon.abreu wrote:
JayL,

I had the same need and I solved my problem with persistent mapping on my AD Mapping GPO. So when my users connect to my VPN the map driver will be available. Any other solution, probably, willl require investments.

Kind regards,

Thanks for the solution, gotta think out of the box sometimes :)

Where to set script on Fortigate firewall for SSL VPN to map network drive on connect?

Nominate a Forum Post for Knowledge Article Creation

Mapping a network drive after tunnel connection

Mapping a network drive after tunnel connection

You are leaving our website