Use the following CLI command: config system interface

For Fortigates with FortiOS 6.0.1 or later

This Free FortiClient VPN App allows you to create a secure Virtual Private Network (VPN) connection using IPSec or SSL VPN Tunnel Mode connections.

Make sure your balancing strategy is set to “Session”, not “Volume”. If you are using SD-WAN or WAN load balancing, the following config changes will be needed.

This prevents users from just leaving VPN on overnight. We normally set it up for 8 hours or 28800 seconds. You might want to decrease it as you see fit. Note: timeout is in seconds, so 259200 seconds is 72 hours.

Here is configuration that works: config vpn ssl settings

Your Forticlient SSL VPN users might experience frequent disconnects, even if the “Always On” check box is checked in Forticlient’s login window.

Run this command in Fortigate CLI to allow your Forticlient SSL VPN users to resolve names of devices on your local network: config vpn ssl settings

However, this will not work unless you configure your local DNS suffix. Example: DNS suffix for your local domain is “mycompany.local”

If your users connect to a Fortigate firewall using Forticlient SSL VPN and you are using internal DNS servers for DNS resolution, you might expect your users to be able to resolve names of devices on your network.

Note: most problems with unstable Forticlient SSL VPN connections are related to Internet connection problems, like packet loss.
Please update your Fortigate firewall to at least version 6.0.5; there is a security vulnerability in older versions. Also, update your Forticlient to 6.0 or 6.2 from the Forticlient web site.

This section contains tips to help you with some common challenges of IPsec VPNs.
set vpn-stats-log ipsec ssl
set vpn-stats-period 300
To allow VPN tunnel-stats to be sent to FortiAnalyzer, configure the FortiGate unit as follows using the CLI: config system settings

These notes are for software version 6.0.1 and 5.6, but might work for 5.4 and even 5.2.

As usual: back up the configuration of your firewall before making any changes.

Update 03/2020

The FortiGate does not, by default, send tunnel-stats information.

Below is the list of problems we have found and configuration examples that will help you to solve them. Fortigate Forticlient SSL VPN configuration is simple and described in detail on YouTube and in the Fortinet cookbook.