"Remote Access" tab hidden on Linux client - FortiClient 7.4 ZTNA+EMS
I'm currently testing out the trial version of FortiClientEMS 7.4, however I've been unable to use it for one of the key purposes we would need it for - to configure VPN connections on FortiClient devices.
The device in question is running Ubuntu 24.10 with a FortiClient installer generated by the EMS. The FortiClient successfully registers and continuously syncs with the EMS, but despite having SSLVPN enabled within the EMS, and a tunnel defined, the "Remote Access" tab just does not show up at all.
Interestingly enough, the "Remote Access" tab is there *before* the user connects to the EMS, but once connected it goes away. Within the settings of FortiClient it also has "Enable SSL VPN Feature" unchecked, but there is no way to change this while connected to the EMS.
Everything works perfectly fine on Windows clients (which would end up being a small minority if we were to fully deploy FortiClient).
I'm kinda at a loss here as none of the logs seems useful. Does anyone know where to start looking to get to the bottom of the issue?
Labels: FortiClient, FortiClient EMS, SSL-VPN, ZTNA
I tested the same version on Ubuntu and I confirm it works fine.
Check which policy is assigned to your client, and if it has been successfully pushed, and check if the policy uses a VPN profile which is enabled (inside the profile).
The default policy (the only one I'm using) has SSLVPN enabled, and a predefined tunnel added. I still get the issue of the "Remote Access" tab disappearing while I'm connected to the EMS. There's absolutely no chance we could even consider deploying this as a solution unless we can get it working reliably.
Go to System Settings > Feature Select, and ensure Remote Access and VPN are enabled.
Did you make sure the policy has been successfully pushed to the client?
If it doesn't help then try to share screenshots of the policy and remote access profile.
Still all seems to be good on the configuration side.
EMS showing synced client info
FortiClient with missing "Remote Access"
Remote Access Profile
Enabled Features in EMS
Created on ‎10-21-2024 06:44 AM Edited on ‎10-21-2024 06:45 AM
Hi @rhysperry111 ,
The "Default" Remote Access profile is hidden. This means it is enabled, but hidden from the GUI for the end user.
You can make it visible by editing the profile -> click on "Advanced" in the top right corner -> click on the eye next to the "enable" toggle button.
Wait for the next telemetry for the client to sync the config with the EMS.
The access profile is enabled (and was before)
Remote Access is viewable
Hey @rhysperry111 ,
Can you try to export the client config - Open the FortiClient -> Settings -> Backup (put a password of your choice).
Open the config file with a text editor and search for
<ui>
  <display_vpn>1</display_vpn>
</ui>
Check the value. Is it 0 or 1?
Thanks for the tip :)
Just double checked, and annoyingly it's definitely set to 1 so not just a weird UI/XML desync.
Just been digging through the file generated by FortiClient and even though <display_vpn> is 1, it has the following:
<vpn>
  <enabled>0</enabled>
  ...
  <sslvpn>
    <options>
      <enabled>0</enabled>
      ...
    </options>
    ...
  </sslvpn>
  ...
</vpn>
Is there any way to debug the config the client is receiving?
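The manual check from the last few replies, as an added example that is not part of the thread and not Fortinet tooling: it reads an exported config backup and reports whether the UI flag and the two VPN feature flags agree. The `<config>` root and the sample values are constructed; only the element names quoted above come from the thread.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: only the elements quoted in the thread, wrapped in a
# hypothetical <config> root. A real export contains many more settings.
SAMPLE_EXPORT = """\
<config>
  <ui><display_vpn>1</display_vpn></ui>
  <vpn>
    <enabled>0</enabled>
    <sslvpn><options><enabled>0</enabled></options></sslvpn>
  </vpn>
</config>
"""

# Label -> element path, searched below whatever root the export uses.
FLAGS = {
    "ui/display_vpn": ".//ui/display_vpn",
    "vpn/enabled": ".//vpn/enabled",
    "vpn/sslvpn/options/enabled": ".//vpn/sslvpn/options/enabled",
}

def read_vpn_flags(xml_text):
    """Return {label: text or None}; None means the element is absent."""
    root = ET.fromstring(xml_text)
    flags = {}
    for label, path in FLAGS.items():
        node = root.find(path)
        flags[label] = node.text.strip() if node is not None and node.text else None
    return flags

def diagnose(flags):
    """List every flag that is not '1', UI flag first."""
    findings = []
    if flags["ui/display_vpn"] != "1":
        findings.append(f"ui/display_vpn={flags['ui/display_vpn']}: UI flag not set")
    for label in ("vpn/enabled", "vpn/sslvpn/options/enabled"):
        if flags[label] != "1":
            findings.append(f"{label}={flags[label]}: feature flag not set")
    return findings

if __name__ == "__main__":
    # Pass the path of an exported backup, or run without arguments for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    for line in diagnose(read_vpn_flags(text)) or ["all three flags are 1"]:
        print(line)
```

Running it against exports taken before and after the client connects to the EMS shows which of the three values the pushed profile changes.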
