Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Newbie77
New Contributor

SSl VPN

Does anyone know how to customize the FortiClient SSL VPN (4.3.5.472). I want to package it up so that is already has the remote gateway, port , etc. I' ve only found the config for IPSEC. I need it for SSL. Any suggestions?
6 REPLIES 6
rwpatterson
Valued Contributor III

Welcome to the forums. When using the Fortinet SSL VPN client, the entries are stored in the registry for SSL VPN. Copy the below into a text editor (notepad works very well for this), and change the text in red to suit your needs. When you are done, give it a ' .reg' extension, and right click > merge (or double click) it:
 Windows Registry Editor Version 5.00
 
 [HKEY_CURRENT_USER\Software\Fortinet]
 
 [HKEY_CURRENT_USER\Software\Fortinet\SslvpnClient]
 " ServerAddress" =" " 
 " Installed" =dword:00000001
 " ServerPort" =" " 
 " KeepConnectionAlive" =" " 
 " DATA0" =" " 
 " DATA1" =" " 
 " DATA2" =" " 
 " DATA3" =" " 
 " DATA4" =" " 
 " DATA5" =" " 
 " DATA6" =" " 
 " DATA7" =" " 
 " DATA8" =" " 
 " DATA9" =" " 
 " ConnectionName" =" MyServer" 
 
 [HKEY_CURRENT_USER\Software\Fortinet\SslvpnClient\Tunnels]
 
 [HKEY_CURRENT_USER\Software\Fortinet\SslvpnClient\Tunnels\company]
 " Server" =" secure.myserver.com(:port)" 
 " DATA1" =" " 
 " DATA2" =" " 
 " Description" =" Tunnel to my server" 
 " DATA3" =" " 
 " ServerCert" =" 1" 
Once you have created the .reg file, it can be executed from a batch file as you can also do with the SSL VPN client install. I have them chained where the SSL client first installs, then the .reg file is run afterward. Works well. Hope that helps

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Newbie77
New Contributor

Thanks for the reply. When you say you have them " chained" how did you do that? Did you create batch file within you GPO? I should have mentioned before that I' m creating this to be push by GPO.
rwpatterson
Valued Contributor III

I created a stand alone batch file that I give to the end users to load on their remote desktops. I guess it could work if pushed by GPO, but we don' t force our home users to have AD authentication. I' ll provide a copy of the install file. (I removed my company' s name from the script. Should still work, but the directory will be just SSL VPN.
 REM installer for SSL VPN written by Bob Patterson 03/21/2013
 
 @ECHO off
 CLS
 
 SET SSLdir=%CD%
 IF NOT EXIST " %SSLdir%\uninstall.bat"  GOTO NoCopy
 IF EXIST c:\Windows\SysWOW64 GOTO Win7
 IF EXIST c:\Windows\System32 GOTO Windows
 IF EXIST c:\WINNT\System32 GOTO WINNT
 @ECHO Cannot locate your version of Windows
 PAUSE
 GOTO End
 
 :Windows
 @ECHO Windows 98/XP based machine found.
 @ECHO:
 CD C:\Windows\System32
 GOTO Copy
 
 :WINNT
 @ECHO Windows NT based machine found.
 @ECHO:
 CD C:\WINNT\System32
 GOTO Copy
 
 :Win7
 @ECHO Windows 64 bit based machine found.
 @ECHO:
 CD c:\Windows\SysWOW64
 GOTO Copy
 
 :Copy
 REM Program Files copy
 REM 64 bit Windows copying
 IF EXIST " %ProgramFiles(x86)%"  (
     @ECHO Copying files to " %ProgramFiles(x86)%\SSL VPN\" 
     IF NOT EXIST " %ProgramFiles(x86)%\SSL VPN\"      MKDIR " %ProgramFiles(x86)%\SSL VPN\" 
     COPY " %SSLdir%\add registry entries.reg"               " %ProgramFiles(x86)%\SSL VPN\add registry entries.reg" 
     COPY " %SSLdir%\clear registry entries.reg"             " %ProgramFiles(x86)%\SSL VPN\clear registry entries.reg" 
     COPY " %SSLdir%\clear Fortinet registry entries.reg"    " %ProgramFiles(x86)%\SSL VPN\clear Fortinet registry entries.reg" 
     COPY " %SSLdir%\SSL VPN connect_x64.lnk"                " %ProgramFiles(x86)%\SSL VPN\SSL VPN connect_x64.lnk" 
     COPY " %SSLdir%\SSL VPN disconnect_x64.lnk"             " %ProgramFiles(x86)%\SSL VPN\SSL VPN disconnect_x64.lnk" 
     COPY " %SSLdir%\uninstall.bat"                          " %ProgramFiles(x86)%\SSL VPN\uninstall.bat" 
     IF NOT EXIST " %ProgramFiles(x86)%\SSL VPN\Windows"  MKDIR " %ProgramFiles(x86)%\SSL VPN\Windows" 
     COPY " %SSLdir%\Windows_x64\"                           " %ProgramFiles(x86)%\SSL VPN\Windows\" 
     @ECHO:
 REM Start Menu install
     IF NOT EXIST " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\"  MKDIR " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\" 
     @ECHO Creating start menu icons
     IF EXIST " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\"  (
         COPY " %SSLdir%\SSL VPN connect_x64.lnk"              " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\SSL VPN connect.lnk" 
         COPY " %SSLdir%\SSL VPN disconnect_x64.lnk"           " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\SSL VPN disconnect.lnk" 
         COPY " %SSLdir%\add registry entries.reg"             " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\add registry entries.reg" " 
         COPY " %SSLdir%\clear registry entries.reg"           " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\clear registry entries.reg" " 
         COPY " %SSLdir%\clear Fortinet registry entries.reg"  " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\clear Fortinet registry entries.reg" " 
         COPY " %SSLdir%\uninstall.bat"                        " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\uninstall.bat" 
     )
     @ECHO:
 REM Desktop install
     @ECHO Creating desktop icons
         COPY " %SSLdir%\SSL VPN connect_x64.lnk"          " %SystemDrive%\Documents and Settings\All Users\Desktop\SSL VPN connect.lnk" 
         COPY " %SSLdir%\SSL VPN disconnect_x64.lnk"       " %SystemDrive%\Documents and Settings\All Users\Desktop\SSL VPN disconnect.lnk" 
     @ECHO:
     GOTO Display
 )
 
 REM 32 bit Windows copying
 IF EXIST " %ProgramFiles%"  (
     @ECHO Copying files to " %ProgramFiles%\SSL VPN\" 
     IF NOT EXIST " %ProgramFiles%\SSL VPN\"         MKDIR " %ProgramFiles%\SSL VPN\" 
     COPY " %SSLdir%\add registry entries.reg"             " %ProgramFiles%\SSL VPN\add registry entries.reg" 
     COPY " %SSLdir%\clear registry entries.reg"           " %ProgramFiles%\SSL VPN\clear registry entries.reg" 
     COPY " %SSLdir%\clear Fortinet registry entries.reg"  " %ProgramFiles%\SSL VPN\clear Fortinet registry entries.reg" 
     COPY " %SSLdir%\SSL VPN connect_x86.lnk"              " %ProgramFiles%\SSL VPN\SSL VPN connect.lnk" 
     COPY " %SSLdir%\SSL VPN disconnect_x86.lnk"           " %ProgramFiles%\SSL VPN\SSL VPN disconnect.lnk" 
     COPY " %SSLdir%\uninstall.bat"                        " %ProgramFiles%\SSL VPN\uninstall.bat" 
     IF NOT EXIST " %ProgramFiles%\SSL VPN\Windows"  MKDIR " %ProgramFiles%\SSL VPN\Windows\" 
     COPY " %SSLdir%\Windows_x86\*.*"                      " %ProgramFiles%\SSL VPN\Windows\*.*" 
     @ECHO:
 REM Start Menu install
     IF NOT EXIST " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\"  MKDIR " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\" 
     @ECHO:Creating start menu icons
     IF EXIST " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\"  (
         COPY " %SSLdir%\SSL VPN connect_x86.lnk"              " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\SSL VPN connect.lnk" 
         COPY " %SSLdir%\SSL VPN disconnect_x86.lnk"           " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\SSL VPN disconnect.lnk" 
         COPY " %SSLdir%\add registry entries.reg"             " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\add registry entries.reg" " 
         COPY " %SSLdir%\clear registry entries.reg"           " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\clear registry entries.reg" " 
         COPY " %SSLdir%\clear Fortinet registry entries.reg"  " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\clear Fortinet registry entries.reg" " 
         COPY " %SSLdir%\uninstall.bat"                        " %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SSL VPN\uninstall.bat" 
     )
     @ECHO:
 REM Desktop install
     @ECHO:Creating desktop icons
         COPY " %SSLdir%\SSL VPN connect_x86.lnk"          " %SystemDrive%\Documents and Settings\All Users\Desktop\SSL VPN connect.lnk" 
         COPY " %SSLdir%\SSL VPN disconnect_x86.lnk"       " %SystemDrive%\Documents and Settings\All Users\Desktop\SSL VPN disconnect.lnk" 
     @ECHO:
     GOTO Display
 )
 
 :NoCopy
 ECHO:
 ECHO:
 ECHO: This program must be extracted out from the .zip file and run from the same
 ECHO:directory as the other SSL VPN files to work correctly! This batch file
 ECHO:will not run from a .zip file or Windows zip folder. Make sure that all of the 
 ECHO:SSL VPN files are located in this same folder to be installed and 
 ECHO:registered with Windows. This install program will place a copy of the SSL 
 ECHO:VPN files in your start menu as well. To remove or uninstall these files,
 ECHO:use the link in the start menu.
 ECHO:
 
 GOTO End
 
 :Display
 ECHO: The SSL VPN shortcuts have been installed.
 ECHO:
 
 IF EXIST " %ProgramFiles%\Fortinet\SslvpnClient\FortiSslvpnClient.exe"  (
     ECHO: SSL VPN client is already installed. Skipping install of SSL VPN client
     ECHO:version 4.0.2281.
     ECHO:
     GOTO End
 ) ELSE (
     IF EXIST " %ProgramFiles(x86)%\Fortinet\SslvpnClient\FortiSslvpnClient.exe"  (
         ECHO: SSL VPN client is already installed. Skipping install of SSL VPN client
         ECHO:version 4.0.2281.
         ECHO:
         GOTO End
     ) ELSE (
         IF EXIST " %ProgramFiles%\SSL VPN\Windows\SslvpnClient.exe"  (
             ECHO: Please follow the instructions in the following software to install 
             ECHO:the Fortinet SSL VPN client software version 4.0.2281.
             ECHO:
             PAUSE
             " %ProgramFiles%\SSL VPN\Windows\SslvpnClient.exe" 
             GOTO End
         ) ELSE (
             IF EXIST " %ProgramFiles(x86)%\SSL VPN\Windows\SslvpnClient.exe"  (
                 ECHO: Please follow the instructions in the following software to install 
                 ECHO:the Fortinet SSL VPN client software version 4.0.2281.
                 ECHO:
                 " %ProgramFiles(x86)%\SSL VPN\Windows\SslvpnClient.exe" 
                 PAUSE
                 GOTO End
             )
         )
     )
 )
 
 :End
 ECHO: Thank you
 ECHO:
 ECHO: Information Services Team ;-)                                             v1.3
 ECHO:
 PAUSE
 

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Newbie77
New Contributor

Awesome I' ll try it out. Thanks so much.
Newbie77
New Contributor

I' ve decided to use the first script that you recommended but I' m having a hard time getting it to work. I' ve created a small batch file :GOTO END ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: : IF VPN CLIENT PRESENT - GOTO END - DO NOTHING ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :CHECK IF VPN CLIENT IS PRESENT IF EXIST " C:\Program Files (x86)\ dir\INSTALL1.DAT" GOTO END IF EXIST " C:\Program Files\dir\INSTALL1.DAT" GOTO END ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: : INSTALLS VPN CLIENT ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: \\domainame\NETLOGON\directory name\sslvpnclient.msi" ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: : PLACES INSTALL.DAT FILE AT LOCATION ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ECHO VPNCLIENT INSTALLED!!! > " C:\Program Files\directory name\INSTALL1.DAT" ECHO VPNCLIENT INSTALLED!!! > " C:\Program Files (x86)\directory name\INSTALL1.DAT" ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: : Run the Registry File ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: regedit.exe " \\domainname\NETLOGON\directory name\registry\test.reg" The client installs but I get a registry error stating: " Cannot import \\domain name.... The specified file is not a registry script. Any input?
rwpatterson
Valued Contributor III

Use the .exe instead of the .msi installer.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com