Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
FortiKoala
Staff
Staff

Created on ‎03-19-2018 09:09 AM Edited on ‎06-21-2023 01:40 AM By Community Manager

Article Id 192581

Technical Tip: How to use FortiClient SSL VPN from the CLI

Description
This article describes how to use the FortiClient SSL VPN from the command line.

Scope
FortiClient 5.4.5

FortiCl
ent 5.6.5


Solution
The full FortiClient installation cannot be used for command line VPN tunnel access.
Download 'SSLVPNcmdline' from our support site: https://support.fortinet.com/.

  1. Navigate to our support site: https://support.fortinet.com/.
  2. Go to the FortiClient section and download the latest FortiClient tools folder.
  3. Extract to a working folder.
  4. From a cmd window, navigate to working folder (ie. C:\_MY DOCS_\_EMS\FortiClient Tools\FortiClientTools_5.4.5.0891\SSLVPNcmdline\).
  5. Run 'FortiSSLVPNclient.exe'.
  6. Create a VPN profile.
  7. Type Connection Name, Server Address, user Name, no password -- authentication *only* uses the certificate.
    Note: Enable "Do not warn about server certificate validation failure" if a client certificate is being used.
  8. Save settings.
  9. Close.

Command Line Usage

Usage:  FortiSSLVPNclient.exe <subcommand> [options] [args]

e.g. FortiSSLVPNclient.exe connect -s MyCompanyName  i -m -q (No Certificate)
e.g. FortiSSLVPNclient.exe connect -s MyCompanyName -c FCT.net:earth-EARTH-CA -i -m -q (with Certificate)

Commands
Syntax
 Switch
 Command
-s
 <connection settings name>
-h <sslvpn server>[:<port>]
-u
 <sslvpn username>[:<password>]
-c
 <certificate subject>[:<issuer>]
-i
 Ignore server certificate warning
-q
 Quiet mode (no error message box)
-m
 Minimize window on connection

Sub-Commands
connect
 Start a connection
disconnect
 Disconnect from your session

Usage

To connect
 FortiSSLVPNclient.exe connect [options] [args]
To disconnect
 FortiSSLVPNclient.exe disconnect [options] [args]

Notes

FortiClient 5.6.1 and newer:
  1. Added command-line option '-q' to support 'QuietMode' of FortiSSLVPNclient.exe
  2. When 'QuietMode' is enabled, no error will be prompted on network failure.
  3. If both 'QuietMode' and 'KeepAlive' are enabled, FortiSSLVPNclient.exe will retry to establish a connection, even if the first time attempt to connect results in failure.
Certificates:

When using Client Certificates, specify the Following on the FortiGate SSL VPN Settings:
# config vpn ssl settings
set reqclientcert enable
  end

 

Link to download FortiClient:

https://www.fortinet.com/support/product-downloads

123361
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.