- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- no Advanced Options in FortiClient 5.2.1.356 on Ma...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
no Advanced Options in FortiClient 5.2.1.356 on Mac OSX
Hey Comm,
my problem is, that on windows i can configure the forticlient very good, but on mac i can't configure the vpn connection correctly, because i don't have the advanced settings for IPsec, Phase1 and Phase2. So the client can't connect to our firewall.
Is there any trick to get these settings? I have tried many other forticlient versions but in no version the advanced settings are displayed.
thanks!
Solved! Go to Solution.
Labels:
- Labels:
-
5.2
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your correct but I never seen anybody that needed to modify the ipsec settings. Either way you need to do it old school and i advise to backup the cfg b4 making changes.
1: backup the cfg
Preference > General > Backup ( name the file )
2: open the <*.conf> file in yoru favorite editor.
3: Search down to the ipsec or connection name
4:make your modifications and save as new file
5: Restore the new cfg
<name>socpuppetshq</name> <type>manual</type> <ike_settings> <prompt_certificate>0</prompt_certificate> <description>MainFGT100D</description> <server>192.0.1.1</server> <authentication_method>Preshared Key</authentication_method> <auth_key>Enc 420d2ee65abded897a69c50f49954d0df61920558d173d22a1b0b1b058b8034b</auth_key> <mode>aggressive</mode> <dhgroup>5</dhgroup> <key_life>86400</key_life> <localid></localid> <nat_traversal>1</nat_traversal> <mode_config>1</mode_config> <enable_local_lan>0</enable_local_lan> <dpd>1</dpd> <xauth> <enabled>1</enabled> <prompt_username>0</prompt_username> <username>Enc 420d2ee65abded897a69c50f49954d0df619498b1925dd2d993abf54be</username> <password>Enc 420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password> </xauth> <proposals> <proposal>aes128|sha1</proposal> <proposal>aes256|sha256</proposal> <proposal>3des|sha256</proposal> <proposal>aes128|sha1</proposal> <proposal>aes256|sha1</proposal> <proposal>3des|sha1</proposal> </proposals> <fgt>0</fgt> </ike_settings>
I hope that helps. Just becarefull and ways make a backup copy b4 proceeding.
Good luck and let us know how your forticlientVersion works. I'm having problems with a few 10.10 and dropping ipsec connections.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
- « Previous
-
- 1
- 2
- Next »
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So what do you have configured in the fortigate. That's what you should be doing is matching the proposals in the fortigate imho. I have never seen a need to modify the actual configuration file.
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is one big problem with the fortigate, the person who has configured the fortigate is'nt in our company anymore.
One in our department know a little bit the current VPN config. And this person does not want to change the config, because we have to change the settings on 100 notebooks i think if he change it.
But now i have a new config file, i will test it and let you know if it works.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi emnoc, now i get another error.
The connection was unexpectedly disconnected - error 101
This error means to me, that he has a connection but our firewall discards it, is that right?in the config-file i have replaced all "wrong" options, like ipsec vpn options or the proposals.
i dont know :(
Paul
PS: i have found something in the logs...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Qs:
Do you have the vpn configuration handy?
Have you tried with a non forticlient client ( iOS,Andorid, MACOSX, cisco vpnclient,shrew net, etc.....)
You shouldn't flat out change things with out proper diagnostics and review actions. The proposal in the forticlient , covers the default common proposals in the fortigate which should work regardless if it's mac windows or iphone.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I habe tried it with ipsecuritas, and others ...
i have found a option, witch is on the macs configurationfile ...
... <use_vip>1</use_vip> <virtualip> <type>modeconfig</type> <ip></ip> <mask></mask> <dnsserver></dnsserver> </virtualip>
and on windows ... <use_vip>1</use_vip> <virtualip> <type>dhcpoveripsec</type> <ip>0.0.0.0</ip> <mask>0.0.0.0</mask> <dnsserver>0.0.0.0</dnsserver> <winserver>0.0.0.0</winserver> </virtualip>
But, when i write dhcpoveripsec over the modeconfig, i can't import the file?! O.o
I think this could be the fail in the configuration, because we use dhcp over ipsec...
Is this possible? But why i can't wirte dhcpoveripsec over modeconfig?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, I have configured it as SSL VPN, then it works fine on Mac OS.
Rgds
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the same problem on MacOS I cannot set "dhcpoveripsec" as a virtualIP type on MacOS
Did you manage to find a solution ?
Best Regards,
- « Previous
-
- 1
- 2
- Next »
Related Posts
- Issue on our FortClient EWS MSSQL$FCEMS 376 Views
- Forticlient VPN Only on Linux 249 Views
- Add header to all mails received... 175 Views
- looking for solution for ZTNA w/... 176 Views
- Forticlient VPN does not negotiate DES 544 Views
Labels
-
FortiGate
6,586 -
FortiClient
1,312 -
5.2
801 -
5.4
639 -
FortiManager
570 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
338 -
FortiAP
336 -
FortiClient EMS
268 -
6.2
251 -
FortiMail
246 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
62 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
26 -
Firewall policy
25 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Application control
6 -
Traffic shaping policy
5 -
SNMP
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
Web application firewall profile
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.