Version: 7.0.0

Features

Feature

Description

SSL VPN (tunnel mode)

SSL VPN in tunnel mode supports the following:

  • IPv4

    Example: https://24.1.20.17

  • IPv6

    Example: https://[1002:470:71f1:63::2]

  • Full tunnel and split tunnel (IP address and subnet-based), including negative split tunnel
  • SSL realm, custom DNS server, DNS suffix
  • Username and password authentication
  • PKI user with a personal certificate, FortiToken, and client certificate
  • Always up

FortiClient (iOS) does not support SSL VPN resiliency.

Web Filter

FortiClient (iOS) supports all browser traffic.

Zero Trust Telemetry

Connect to FortiGate and EMS for central management.

 

mobileconfig

Use the mobileconfig file to preconfigure a Zero Trust Telemetry preferred host. Once FortiClient starts, it uses this preferred host to connect.

FortiAnalyzer support

 

Send logs to FortiAnalyzer when configured from FortiClient EMS. See the FortiClient EMS Administration Guide.

SSL DNS server for split tunnel

To use the SSL DNS server for split tunnel, you must configure the DNS suffix on the FortiGate side. The following is an example of configuring the SSL DNS server for split tunnel using FortiOS:

config vpn ssl settings
    set dns-suffix "domain1.com;domain2.com;domain3.com;domain4.com;domain5.com;domain6.com;domain7.com;domain8.com"
    set dns-server1 10.10.10.10
    set dns-server2 10.10.10.11
end
config vpn ssl web portal
    edit "full-access"
        set dns-server1 10.10.10.10
        set dns-server2 10.10.10.11
        set split-tunneling enable
    next
end

If you configure the split tunnel, only DNS requests that match the DNS suffixes use the DNS servers configured in the VPN. Due to iOS limitations, the DNS suffixes are not used as search domains as they are in Windows, so using short names (names that are not fully qualified domain names (FQDN)) may not be possible.
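The following added example (not FortiClient or FortiOS code) models the behavior described above so you can check which hostnames would be sent to the VPN DNS servers and which would go to the device's local resolver. It assumes a label-boundary suffix match, which this page does not specify; the function names and sample hostnames are constructed for illustration.

```python
# Added illustration: models suffix-based resolver selection for split tunnel.
# Assumption: a name matches when it equals a suffix or ends with "." + suffix.
# FortiClient's exact matching rule is not stated in this document.

VPN_DNS = ("10.10.10.10", "10.10.10.11")  # dns-server1/2 from the sample config


def parse_dns_suffix(value):
    """Split a FortiOS dns-suffix value ("a.com;b.com") into normalized suffixes."""
    parts = value.strip().strip('"').split(";")
    return [p.strip().strip(".").lower() for p in parts if p.strip()]


def uses_vpn_dns(name, suffixes):
    """Return True if a query for `name` matches a configured DNS suffix."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)


def classify(names, suffix_value):
    """Map each queried name to 'vpn' or 'local' (the resolver it would use)."""
    suffixes = parse_dns_suffix(suffix_value)
    return {n: ("vpn" if uses_vpn_dns(n, suffixes) else "local") for n in names}


# Constructed sample input (not taken from a real deployment).
SAMPLE_SUFFIX = '"domain1.com;domain2.com"'
SAMPLE_NAMES = [
    "intranet.domain1.com",  # FQDN under a configured suffix
    "intranet",              # short name: suffixes are not used for search on iOS
    "notdomain1.com",        # shares trailing characters, but not a label match
    "Host.Domain2.com.",     # case and trailing dot are normalized
    "example.org",           # unrelated domain
]

if __name__ == "__main__":
    for name, resolver in classify(SAMPLE_NAMES, SAMPLE_SUFFIX).items():
        servers = ", ".join(VPN_DNS) if resolver == "vpn" else "local resolver"
        print(f"{name:24} -> {servers}")
```

Names reported as local are resolved outside the tunnel, so internal hosts that users reach by short name need to be referenced by FQDN or covered by a configured suffix.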
