Fortinet black logo

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

FortiClient configurations

In SSL-VPN tunnel mode, the FortiClient will initiate the connection. Below are two ways of configuring the SSL VPN connection profile.

To configure an SSL VPN remote access profile on FortiClient:
  1. Go to the Remote Access tab.
  2. Click the hamburger icon beside the VPN Name dropdown and select Add a new connection.
  3. Set the VPN to SSL-VPN.
  4. Set the Connection Name to SAML_SSLVPN.
  5. Set Remote Gateway to 10.0.3.254.
  6. Select Customize port and set it to 10443.
  7. Select Enable Single Sign On (SSO) for VPN Tunnel.
  8. Optionally, select Use external browser as user-agent for saml user authentication if you wish to use an external browser instead of the embedded module for authentication.
  9. Click Save.

To configure an SSL VPN remote access profile on FortiClient EMS:
  1. Go to Endpoint Profiles > Remote Access.
  2. Select an existing profile such as Default and click Edit.
  3. In VPN Tunnels, add Add Tunnel.
  4. In VPN Type, select Manual and click Next.
  5. In Basic Settings:
    1. Set Name to EMS_SAML_SSLVPN.
    2. Set Remote Gateway to 10.0.3.254.
    3. Set Port to 10443.
  6. In Advanced Settings:
    1. Enable SAML Login.
    2. b. Optionally, enable Use external browser as user-agent for saml user authentication if you wish to use an external browser instead of the embedded module for authentication.

  7. Click Save to save the VPN profile.
  8. Click Save again to save the changes to the Remote Access Profile.

  9. Shortly after, the FortiClient endpoint should receive the newly synced EMS_SAML_SSLVPN profile.
  10. View the settings on FortiClient.

FortiClient configurations

In SSL-VPN tunnel mode, the FortiClient will initiate the connection. Below are two ways of configuring the SSL VPN connection profile.

To configure an SSL VPN remote access profile on FortiClient:
  1. Go to the Remote Access tab.
  2. Click the hamburger icon beside the VPN Name dropdown and select Add a new connection.
  3. Set the VPN to SSL-VPN.
  4. Set the Connection Name to SAML_SSLVPN.
  5. Set Remote Gateway to 10.0.3.254.
  6. Select Customize port and set it to 10443.
  7. Select Enable Single Sign On (SSO) for VPN Tunnel.
  8. Optionally, select Use external browser as user-agent for saml user authentication if you wish to use an external browser instead of the embedded module for authentication.
  9. Click Save.

To configure an SSL VPN remote access profile on FortiClient EMS:
  1. Go to Endpoint Profiles > Remote Access.
  2. Select an existing profile such as Default and click Edit.
  3. In VPN Tunnels, add Add Tunnel.
  4. In VPN Type, select Manual and click Next.
  5. In Basic Settings:
    1. Set Name to EMS_SAML_SSLVPN.
    2. Set Remote Gateway to 10.0.3.254.
    3. Set Port to 10443.
  6. In Advanced Settings:
    1. Enable SAML Login.
    2. b. Optionally, enable Use external browser as user-agent for saml user authentication if you wish to use an external browser instead of the embedded module for authentication.

  7. Click Save to save the VPN profile.
  8. Click Save again to save the changes to the Remote Access Profile.

  9. Shortly after, the FortiClient endpoint should receive the newly synced EMS_SAML_SSLVPN profile.
  10. View the settings on FortiClient.