Clients for Windows, OSX, Apple iOS (in the App Store), Android (Google Play Store) and Linux are listed below.

Warning

...

REMC1 Staff, there is a K1000 distro that installs this and sets all the settings. It is recommended to use that (instructions below). For info on how the distro is made see: FortiClient VPN K1000 Distro

IMPORTANT INFO

  • USE PORT 10443

  • Download the SSL Vpn clients for Windows, OSX and Linux below. Use only these versions as they are tested to be stable
  • THE USER MUST BE ADDED TO THE DistrictVPN (ie. ADMVPN, CLKVPN, etc) group in the district's domain. This group is a member of REMC1MemberVPNAccess at the root of the forest adremc1.org, which is located in the ManagedServicesGroups OU. If this is a new employee/user, it may take 15min up to 30min for replication to occur before you can add the user.
  • The TLS 1.1 and 1.2 security protocols must be enabled (they usually are by default), otherwise the connection will fail at 40%. The setting for that in Windows is under Internet Options→Advanced. You can access Internet Options through either the Control Panel or through Internet Explorer.
  • OUTSIDE VENDORS OR ENTITIES ONLY CONNECTING IN → must be given a LOCAL FORTIGATE USER and added to the REMC1-District-Ipsecvpn-SSLvpn group (or a group that is made especially for the vendor for limited access)
  • OUTSIDE VENDORS OR ENTITIES ONLY CONNECTING IN → If they only need DMZ access then only add them to the DMZvpn group on the Fortigate. You can create other groups which will limit vendors to other areas. This is mentioned in the SSLvpn configuration wiki.
  • REMC1 EMPLOYEES ONLY → MUST BE ADDED TO THE REMC1VpnUsers user group in the REMC1 domain
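
A pre-flight check for two of the requirements listed above (port 10443 reachable, TLS 1.1 and 1.2 enabled under Internet Options), as an added example that is not part of the original page or of REMC1's tooling. It assumes the gateway name fortigate.remc1.net given on this page and reads only the per-user SecureProtocols registry value behind the Internet Options checkboxes; settings enforced by Group Policy are not examined.

```powershell
# Added example: run in a normal (non-admin) PowerShell window on the client PC.
# Gateway and port are the values from this page; change them for your entity.
$Gateway = 'fortigate.remc1.net'
$Port    = 10443

# Internet Options > Advanced stores the protocol checkboxes as a bitmask.
$TlsBits = [ordered]@{ 'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800 }

function Get-EnabledTls {
    param([int]$Mask)
    # Names of the required protocols whose bit is set in the mask.
    $TlsBits.GetEnumerator() | Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }
}

$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$prop = Get-ItemProperty -Path $key -Name SecureProtocols -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output 'SecureProtocols is not set for this user: Windows defaults apply.'
} else {
    $enabled = @(Get-EnabledTls -Mask $prop.SecureProtocols)
    foreach ($name in $TlsBits.Keys) {
        $state = if ($enabled -contains $name) { 'enabled' } else { 'DISABLED' }
        Write-Output "$name : $state"
    }
}

# Reach the gateway on the custom port, then attempt a TLS handshake using the
# system's normal certificate validation (hostname and trust chain).
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Gateway, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    try {
        $ssl.AuthenticateAsClient($Gateway)
        Write-Output "TLS OK: $($ssl.SslProtocol), cert $($ssl.RemoteCertificate.Subject)"
    } catch {
        Write-Output "TLS handshake failed: $($_.Exception.Message)"
    } finally { $ssl.Dispose() }
} catch {
    Write-Output "Cannot reach ${Gateway}:${Port} : $($_.Exception.Message)"
} finally { $tcp.Dispose() }
```

A failed handshake against the hostname means the client would also show a certificate or protocol error, so resolve that before installing FortiClient.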

Windows Installation and connection

To Manually Configure


  1. YOU MUST HAVE AN ACTIVE INTERNET CONNECTION TO INSTALL THIS CLIENT.
  2. THIS CLIENT STARTS A DOWNLOAD FROM FORTINET AFTER YOU START THE INSTALL. THIS MAY PAUSE FOR EVEN 10MIN AT 0%. You must be patient; it will continue if you have an internet connection.
  3. Download the most recent Windows client exe from below
  4. Download and install 'District SSL VPN Connection And Clients'
  5. Run the install.  Installation may require local admin privileges. At one point the install MAY download updates from Fortinet.  THIS MAY PAUSE FOR EVEN 10MIN AT 0%. You must be patient; it will continue if you have an internet connection.
  6. After running the install you should see a red shield on your desktop titled Forticlient.  Run this by double clicking.
    [Image: FortiClient desktop icon]
  7. You will get a Forticlient Console window. Select the 'Remote Access' tab and click the blue 'Configure VPN' link in the center of the white area (see picture below)
  8. [Image: Windows Forticlient console page, configure vpn link]
  9. Provide a connection name
  10. The Remote gateway is most likely fortigate.remc1.net for most individuals, including Supportnet members, vendors, or other outside parties. Otherwise please email or call support@remc1.net / 9064877624 to ask what the endpoint address is for your entity.
    1. Vendors and other 3rd parties require a user/pass to be added to the fortigate directly and provided to the vendor/3rd party (see step 10)
  11. Put a check in the customize port box and enter 10443
  12. Optional: Click the 'Save Login' radio button and in the Username field type in your username.  This will be your FULL USERNAME which designates what district or entity you are employed with. eg: jsmith@ccisd.adremc1.org or djohnson@han.adremc1.org .
      If you are a vendor REMC1 will supply you with your username. Contact REMC1 Support at 9064877624 if you are unsure of your full username.
    [Image: Windows Forticlient edit vpn connection page]
  13. Click 'Apply'

After Using The KACE Distro

Warning

This section is for REMC1 staff using the KACE distro to deploy the SSL VPN client.


If you used the K1000 distribution:

  1. Wait for a notification telling you that the settings were restored.
  2. Open the Forticlient console.
  3. Accept the EULA.
  4. Make sure the individual's account is in the VPN group in active directory listed above. If this is an organization that doesn't have a domain connected to the Fortigate proceed to making a user in the Fortigate for them. 
  5. You are ready to go. Enter your username (UPN if you are in the forest) and password.


To Connect

  1. You should see a red shield on your desktop titled Forticlient.  Run this by double clicking.  Alternatively, you may see a green shield in the lower right taskbar.  Right-click on that and select 'Connect to (whatever you named your profile)'.  See the pictures below.
    [Image: FortiClient desktop icon]
    [Image: Windows Forticlient right click, connect to profile path]
  2. Type in your username (if you didn't set it up to autofill in the steps above).  This will be your FULL USERNAME which designates what district or entity you are employed with. eg: jsmith@ccisd.adremc1.org or djohnson@han.adremc1.org .  If you are a Vendor: Contact REMC1 if you are unsure of your full username.
  3. Type in your NETWORK login password.  This will be the same password used to log into your work computer and your email. It's all one login. If you are a vendor or outside entity/non REMC1 member then REMC1 will supply you with the password.
  4. Click 'Connect'.  If you receive a certificate warning (you shouldn't unless you used the IP address instead of fortigate.remc1.net as the remote gateway) accept the certificate to finish the connection.
    [Image: Windows Forticlient console login page]
  5. Remember to disconnect when you are done.
  6. To disconnect, double click on the Forticlient shield icon on your desktop and then click 'Disconnect' in the window that pops up OR right click on the green Forticlient shield in your taskbar and select 'Disconnect' (see picture below).
    [Image: Windows Forticlient console connected page] or [Image: Windows Forticlient right click, disconnect from profile path]

OSX - Apple

To Manually Configure

  1. Download the OSX client below and double click on the download. It will mount as a drive. You must open the Finder, click on it like a disk drive and run the forticlientupdate.app as shown in the screenshot below.
    [Image: OSX finder, fortigate client update path]
  2. A window will pop up. Click 'Continue', then 'Continue', then 'Agree to the license' (if you are UPGRADING then you will not see that step), then click the 'Customize' button on the lower middle part of the window (see screenshot below)
    [Image: OSX install Forticlient page, customize button]
  3. IMPORTANT: NOW UNCHECK OTHER COMPONENTS or it will install a slew of annoying garbage such as webfilter, antivirus etc. which you don't need
  4. Click the 'Install' button and finally the 'Close' button.
  5. On the top OSX Menu Bar click the Black Shield and select 'Open Forticlient Console' OR go to your Finder, then click 'Applications' on the left side of that window, then on the right side double click on the Forticlient icon with the Red Shield (see pictures of both methods below).

    [Image: OSX menu bar black shield, open forticlient console path]
    or

    [Image: OSX finder tool, Applications, forticlient console path]
  6. Once open, click the 'Remote Access' tab on the left side of the window, then the gray gear icon on the right part of the window, and select 'Add New Connection' (see picture below)

    [Image: OSX forticlient console page]
  7. Select the SSLvpn radio button on top
  8. Name your connection: eg: CCISD or Hancock Schools or REMC1
  9. Remote Gateway: fortigate.remc1.net
  10. Click 'Customize Port' and type in 10443
  11. Click the 'Save Login' checkbox

    [Image: OSX forticlient vpn add connection page]
  12. Type in your username in the Username field. This will be your FULL USERNAME which designates what district or entity you are employed with. eg: jsmith@ccisd.adremc1.org or djohnson@han.adremc1.org . Contact REMC1 if you are a vendor/outside entity or are unsure of your full username.
  13. Click the 'Add' button at the bottom right

Using The KACE Distro

Warning

This section is for REMC1 staff using the KACE distro to deploy the SSL VPN client.


If you used the K1000 distribution:

  1. Deploy and wait for the software to install.
  2. Please allow 30 seconds after the icons appear in Applications for settings to apply.
  3. The client can then be double clicked and it is ready for use.

To Connect

  1. On the top OSX Menu Bar click the Black Shield and select 'Open Forticlient Console' OR Go to your Finder then click 'Applications' on the left side of that window then on the right side double click on the Forticlient icon with the Red Shield (see pictures of both methods below).
    [Image: OSX finder tool, Applications, forticlient console path]
    or
    [Image: OSX menu bar black shield, connect to profile]
  2. When the window pops up make sure your correct VPN Name is selected
  3. Type in your username in the Username field (skip if it's already there and saved in the config from the initial setup). This will be your FULL USERNAME which designates what district or entity you are employed with. eg: jsmith@ccisd.adremc1.org or djohnson@han.adremc1.org . Contact REMC1 if you are a vendor/outside entity or are unsure of your full username.
  4. Type in your NETWORK login password. This will be the same password used to log into your work computer and your email. It's all one login. If you are a vendor or outside entity/non REMC1 member then REMC1 will supply you with the password.
  5. Click 'Connect'
  6. Remember to disconnect when you are done. To disconnect, click on the shield in the top menu bar as explained above or double-click the Forticlient red shield in Applications and click 'Disconnect'.  Screenshots for both methods are already included above.

Apple IOS

  • Available in the App Store. Titled Forticlient. I recommend just using the built-in IPsec feature of iOS, but the SSLvpn Forticlient option does work well also. The settings are the same as explained above.

Android

Client Downloads - Windows - Linux - Apple OSX