SSL VPN
FortiClient (iOS) supports the following ways to add a VPN connection:
- Manually configure the VPN tunnel settings in the FortiClient (iOS) app. See To manually configure a VPN connection:.
- Provision a VPN tunnel in EMS and assign the profile to the mobile device. See To provision a VPN tunnel in EMS and assign the profile to the mobile device:.
- Scan a QR code to load VPN tunnel settings. See To scan a QR code to load VPN tunnel settings:.
- Receive a VPN configuration via a Mobileconfig profile. See Configuring a Mobileconfig VPN profile to install certificates.
To manually configure a VPN connection:
- In the Add VPN Configurations popup, tap Allow.
- Tap the VPN icon at the bottom of the screen to switch to the VPN page.
- Tap Connections > Edit > Add Configuration, then configure the following:
- Enter your passcode to confirm adding the VPN.
- Tap Done twice.
The Name, Host, and Port fields are required. The User, Hide invalid certificate warning, and User Certificate fields are optional.
To provision a VPN tunnel in EMS and assign the profile to the mobile device:
In the following instructions, the FortiClient end user takes some steps, while the FortiClient EMS administrator takes others.
- (FortiClient (iOS) end user) Connect FortiClient to EMS. See Zero Trust Telemetry.
- (EMS administrator) Configure an endpoint profile in EMS to apply to the iOS device.
- (EMS administrator) Configure the desired SSL VPN settings in the profile that they created in step 2. See SSL VPN.
To scan a QR code to load VPN tunnel settings:
- In the Add VPN Configurations popup, tap Allow.
- Tap VPN at the bottom of the screen to switch to the VPN page.
- Select Scan QR Code to add VPN.
- Once FortiClient (iOS) has scanned the code, the VPN menu lists the new tunnel.
To install a certificate received via email:
- Open the email, then download the received certificate. The certificate must have the .fctp12 extension for FortiClient (iOS) to import it. If the certificate does not have the .fctp12 extension, rename it so that it does.
- After downloading the certificate, select Copy to FortiClient. FortiClient (iOS) imports the certificate.
- In FortiClient (iOS), go to the VPN tab.
- Edit a VPN tunnel and enable Use Certificate.
- Tap File Name.
- Select the certificate imported earlier.
- On the Add/Edit VPN page, enter a passphrase to initiate the VPN connection.