Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rhysperry111
New Contributor II

Created on ‎10-20-2024 03:31 PM Edited on ‎10-20-2024 03:43 PM

"Remote Access" tab hidden on Linux client - FortiClient 7.4 ZTNA+EMS

I'm currently testing out the trial version of FortiClientEMS 7.4, however I've been unable to use it to for one of the key purposes we would need it for - to configure VPN connections on FortiClient devices.

 

The device in question is running Ubuntu 24.10 with a FortiClient installer generated by the EMS. The FortiClient successfully registers and continuously syncs with the EMS, but despite having SSLVPN enabled within the EMS, and a tunnel defined, the "Remote Access" tab just does not show up at all.

 

Interestingly enough, the "Remote Access" tab is there *before* the user connects to the EMS, but once connected it goes away. Within the settings of FortiClient it also has "Enable SSL VPN Feature" unchecked, but there is no way to change this while connected to the EMS.

 

Everything works perfectly fine on Windows clients (which would end up being a small minority if we were to fully deploy FortiClient).

 

I'm kinda at a loss here as none of the logs seems useful. Does anyone know where to start looking to get to the bottom of the issue?

1771
0 Kudos
20 REPLIES 20
AEK
SuperUser
SuperUser

Created on ‎10-21-2024 01:12 AM

I tested the same version on Ubuntu and I confirm it works fine.

Check which policy is assigned to your client, and if it has been successfully pushed, and check if the policy uses a VPN profile which is enabled (inside the profile).

AEK
AEK
927
rhysperry111
New Contributor II

Created on ‎10-21-2024 01:44 AM Edited on ‎10-21-2024 03:38 AM

The default policy (the only one I'm using) has SSLVPN enabled, and a predefined tunnel added. I still get the issue of the "Remote Access" tab disappearing while I'm connected to the EMS. There's absolutely no chance we could even consider deploying this as a solution unless we can get it working reliably

920
AEK
SuperUser
SuperUser

Created on ‎10-21-2024 04:36 AM

Go to System Settings > Feature Select, and ensure Remote Access and VPN are enabled.

Did you make sure the policy has been successfully pushed to the client?

If it doesn't help then try to share screenshots of the policy and remote access profile.

AEK
AEK
882
rhysperry111
New Contributor II

Created on ‎10-21-2024 05:23 AM

Still all seems to be good on the configuration side.

 

EMS showing synced client infoEMS showing synced client infoFortiClient with missing "Remote Access"FortiClient with missing "Remote Access"Remote Access ProfileRemote Access ProfileEnabled Features in EMSEnabled Features in EMS

875
0 Kudos
aastardzhiev
New Contributor II
In response to rhysperry111

Created on ‎10-21-2024 06:44 AM Edited on ‎10-21-2024 06:45 AM

Hi @rhysperry111 ,

 

"Default" Remote Access profile is hidden. This means it is enabled, but hidden from the GUI for the enduser.

You can make it visible by editing the profile -> click on "Advance" on the top right corner -> click on the eye next to the "enable" toggle button.
forticlient-enable-ra-view.png

 

Wait for the next telemetry for the client to sync the config with the EMS.

857
rhysperry111
New Contributor II
In response to aastardzhiev

Created on ‎10-21-2024 07:09 AM

The access profile is enabled (and was before)

Remote Access is viewableRemote Access is viewable

849
0 Kudos
aastardzhiev
New Contributor II
In response to rhysperry111

Created on ‎10-21-2024 08:26 AM

Hey @rhysperry111 ,

 

Can you try to export the client config - Open the FortiClient -> Settings -> Backup (put a password of your choise).

Open the config file with text editor and search for

        <ui>
            <display_vpn>1</display_vpn>
        </ui>

Check the value. Is it 0 or 1?

 

 

815
0 Kudos
rhysperry111
New Contributor II
In response to aastardzhiev

Created on ‎10-21-2024 11:19 AM

Thanks for the tip :)

 

Just double checked, and annoyingly it's definitely set to 1 so not just a weird UI/XML desync

801
0 Kudos
rhysperry111
New Contributor II
In response to aastardzhiev

Created on ‎10-21-2024 11:50 AM

Just been digging throught the file generated by Forticlient and even though <display_vpn> is 1, it has the following:

 

<vpn>
  <enabled>0</enabled>
  ...
    <sslvpn>
      <options>
        <enabled>0</enabled>
        ...
      </options>
      ...
  </sslvpn>
  ...
</vpn>

Is there any way to debug the config the client is receiving?

791
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.