I'm currently testing out the trial version of FortiClientEMS 7.4, however I've been unable to use it to for one of the key purposes we would need it for - to configure VPN connections on FortiClient devices.
The device in question is running Ubuntu 24.10 with a FortiClient installer generated by the EMS. The FortiClient successfully registers and continuously syncs with the EMS, but despite having SSLVPN enabled within the EMS, and a tunnel defined, the "Remote Access" tab just does not show up at all.
Interestingly enough, the "Remote Access" tab is there *before* the user connects to the EMS, but once connected it goes away. Within the settings of FortiClient it also has "Enable SSL VPN Feature" unchecked, but there is no way to change this while connected to the EMS.
Everything works perfectly fine on Windows clients (which would end up being a small minority if we were to fully deploy FortiClient).
I'm kinda at a loss here as none of the logs seems useful. Does anyone know where to start looking to get to the bottom of the issue?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I tested the same version on Ubuntu and I confirm it works fine.
Check which policy is assigned to your client, and if it has been successfully pushed, and check if the policy uses a VPN profile which is enabled (inside the profile).
The default policy (the only one I'm using) has SSLVPN enabled, and a predefined tunnel added. I still get the issue of the "Remote Access" tab disappearing while I'm connected to the EMS. There's absolutely no chance we could even consider deploying this as a solution unless we can get it working reliably
Go to System Settings > Feature Select, and ensure Remote Access and VPN are enabled.
Did you make sure the policy has been successfully pushed to the client?
If it doesn't help then try to share screenshots of the policy and remote access profile.
Still all seems to be good on the configuration side.
Created on 10-21-2024 06:44 AM Edited on 10-21-2024 06:45 AM
Hi @rhysperry111 ,
"Default" Remote Access profile is hidden. This means it is enabled, but hidden from the GUI for the enduser.
You can make it visible by editing the profile -> click on "Advance" on the top right corner -> click on the eye next to the "enable" toggle button.
Wait for the next telemetry for the client to sync the config with the EMS.
The access profile is enabled (and was before)
Hey @rhysperry111 ,
Can you try to export the client config - Open the FortiClient -> Settings -> Backup (put a password of your choise).
Open the config file with text editor and search for
<ui>
<display_vpn>1</display_vpn>
</ui>
Check the value. Is it 0 or 1?
Thanks for the tip :)
Just double checked, and annoyingly it's definitely set to 1 so not just a weird UI/XML desync
Just been digging throught the file generated by Forticlient and even though <display_vpn> is 1, it has the following:
<vpn>
<enabled>0</enabled>
...
<sslvpn>
<options>
<enabled>0</enabled>
...
</options>
...
</sslvpn>
...
</vpn>
Is there any way to debug the config the client is receiving?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.