Hey Comm,
my problem is, that on windows i can configure the forticlient very good, but on mac i can't configure the vpn connection correctly, because i don't have the advanced settings for IPsec, Phase1 and Phase2. So the client can't connect to our firewall.
Is there any trick to get these settings? I have tried many other forticlient versions but in no version the advanced settings are displayed.
thanks!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Your correct but I never seen anybody that needed to modify the ipsec settings. Either way you need to do it old school and i advise to backup the cfg b4 making changes.
1: backup the cfg
Preference > General > Backup ( name the file )
2: open the <*.conf> file in yoru favorite editor.
3: Search down to the ipsec or connection name
4:make your modifications and save as new file
5: Restore the new cfg
<name>socpuppetshq</name> <type>manual</type> <ike_settings> <prompt_certificate>0</prompt_certificate> <description>MainFGT100D</description> <server>192.0.1.1</server> <authentication_method>Preshared Key</authentication_method> <auth_key>Enc 420d2ee65abded897a69c50f49954d0df61920558d173d22a1b0b1b058b8034b</auth_key> <mode>aggressive</mode> <dhgroup>5</dhgroup> <key_life>86400</key_life> <localid></localid> <nat_traversal>1</nat_traversal> <mode_config>1</mode_config> <enable_local_lan>0</enable_local_lan> <dpd>1</dpd> <xauth> <enabled>1</enabled> <prompt_username>0</prompt_username> <username>Enc 420d2ee65abded897a69c50f49954d0df619498b1925dd2d993abf54be</username> <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password> </xauth> <proposals> <proposal>aes128|sha1</proposal> <proposal>aes256|sha256</proposal> <proposal>3des|sha256</proposal> <proposal>aes128|sha1</proposal> <proposal>aes256|sha1</proposal> <proposal>3des|sha1</proposal> </proposals> <fgt>0</fgt> </ike_settings>
I hope that helps. Just becarefull and ways make a backup copy b4 proceeding.
Good luck and let us know how your forticlientVersion works. I'm having problems with a few 10.10 and dropping ipsec connections.
PCNSE
NSE
StrongSwan
You posted to the wrong forum. Should move to FortiClient.
Hi vanc,
i have tried, when you can tell me how i can move the thread, i will move it, thanks!
Your correct but I never seen anybody that needed to modify the ipsec settings. Either way you need to do it old school and i advise to backup the cfg b4 making changes.
1: backup the cfg
Preference > General > Backup ( name the file )
2: open the <*.conf> file in yoru favorite editor.
3: Search down to the ipsec or connection name
4:make your modifications and save as new file
5: Restore the new cfg
<name>socpuppetshq</name> <type>manual</type> <ike_settings> <prompt_certificate>0</prompt_certificate> <description>MainFGT100D</description> <server>192.0.1.1</server> <authentication_method>Preshared Key</authentication_method> <auth_key>Enc 420d2ee65abded897a69c50f49954d0df61920558d173d22a1b0b1b058b8034b</auth_key> <mode>aggressive</mode> <dhgroup>5</dhgroup> <key_life>86400</key_life> <localid></localid> <nat_traversal>1</nat_traversal> <mode_config>1</mode_config> <enable_local_lan>0</enable_local_lan> <dpd>1</dpd> <xauth> <enabled>1</enabled> <prompt_username>0</prompt_username> <username>Enc 420d2ee65abded897a69c50f49954d0df619498b1925dd2d993abf54be</username> <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password> </xauth> <proposals> <proposal>aes128|sha1</proposal> <proposal>aes256|sha256</proposal> <proposal>3des|sha256</proposal> <proposal>aes128|sha1</proposal> <proposal>aes256|sha1</proposal> <proposal>3des|sha1</proposal> </proposals> <fgt>0</fgt> </ike_settings>
I hope that helps. Just becarefull and ways make a backup copy b4 proceeding.
Good luck and let us know how your forticlientVersion works. I'm having problems with a few 10.10 and dropping ipsec connections.
PCNSE
NSE
StrongSwan
Hi emnoc,
thank's for your reply, i've tried this before, but nothing won't work.
If I edit the config file and import the file, the client delete the vpn connection or it doesn't work.
But i will try again and let you know if it works for me, thank's again for your reply.
emnoc wrote:Your correct but I never seen anybody that needed to modify the ipsec settings. Either way you need to do it old school and i advise to backup the cfg b4 making changes.
1: backup the cfg
...
5: Restore the new cfg
I have v5.4.4.536 FortiClient for MAC and if I backup the config and then restore (without even opening .conf file) it throws an error "Error while processing the configuration file. The file is corrupted or missing. Import failed."
Has anyone found a working solution?
FGT60B, FGT100A, FGT100D
What I would do is try to restore on a 2nd mac or a different device. If you want me to try ping me in IM and I'll shut my personal email
Ken Felix
PCNSE
NSE
StrongSwan
Still no luck. Even on other machine. The problem still exists on FortiClientVPNSetup_6.4.1.1267_macosx.dmg
Backup configuration with success but restore failed.
FGT60B, FGT100A, FGT100D
If I edit the config file and import the file, the client delete the vpn connection or it doesn't work.
What are you modifying if I may ask?
I've changed thing such as ; PSK and vpn gateway address, but never done anything within in the IPSEC portion of the configuration. You should be able to change anything and re-imported, but if your removing the configuration parameters, than that needs to be tested and validated. IIRC if you make mistaens in the configuration syntax, it will not successfully import.
PCNSE
NSE
StrongSwan
I edit the porposals, because with the standards the windows client can't connect too.
So i want to edit this settings, because i think this is the problem why the mac client can't connect.
for example:
<proposals> <proposal>3DES|MD5</proposal> <proposal>3DES|SHA1</proposal> <proposal>AES128|MD5</proposal> <proposal>AES128|SHA1</proposal> </proposals>
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.