FortiClient configurations
In SSL-VPN tunnel mode, the FortiClient will initiate the connection. Below are two ways of configuring the SSL VPN connection profile.
To configure an SSL VPN remote access profile on FortiClient:
- Go to the Remote Access tab.
- Click the hamburger icon beside the VPN Name dropdown and select Add a new connection.
- Set the VPN to SSL-VPN.
- Set the Connection Name to SAML_SSLVPN.
- Set Remote Gateway to
10.0.3.254
. - Select Customize port and set it to 10443.
- Select Enable Single Sign On (SSO) for VPN Tunnel.
- Optionally, select Use external browser as user-agent for saml user authentication if you wish to use an external browser instead of the embedded module for authentication.
- Click Save.
To configure an SSL VPN remote access profile on FortiClient EMS:
- Go to Endpoint Profiles > Remote Access.
- Select an existing profile such as Default and click Edit.
- In VPN Tunnels, add Add Tunnel.
- In VPN Type, select Manual and click Next.
- In Basic Settings:
- Set Name to EMS_SAML_SSLVPN.
- Set Remote Gateway to
10.0.3.254
. - Set Port to 10443.
- In Advanced Settings:
- Enable SAML Login.
b. Optionally, enable Use external browser as user-agent for saml user authentication if you wish to use an external browser instead of the embedded module for authentication.
- Click Save to save the VPN profile.
- Click Save again to save the changes to the Remote Access Profile.
- Shortly after, the FortiClient endpoint should receive the newly synced EMS_SAML_SSLVPN profile.
- View the settings on FortiClient.