Fortinet white logo
Fortinet white logo

Design considerations

Design considerations

The FortiClient configuration file is user-editable. The file uses XML format for easy parsing and validation. The configuration file includes all client configurations and references the client certificates.

Input validation

The import function performs basic validation and writes to log when it finds errors or warnings. Default values for omitted items are defined for VPN connections. For other settings, it ignores omitted values.

Handling password fields

When exporting, FortiClient encrypts password and username fields (prefixed with Enc). However, the import function can take the clear text or encrypted format.

Importing configuration file segments

Importing a configuration file segment is valid. However, the segment should follow the syntax and level that this document defines. For example, this is a valid segment:

<?xml version=”1.0” encoding=”utf-8”?>

<forticlient_configuration>

<VPN>

<SSLVPN>

<connections>

<connection>

// connection 1

</connection>

</connections>

</SSLVPN>

</VPN>

</forticlient_configuration>

This is an invalid segment:

<?xml version=”1.0” encoding=”utf-8”?>

<connections>

<connection>

// connection 1

</connection>

</connections>

Client certificate

The configuration file includes the client certificate(s) when exported in an encrypted format.

Design considerations

Design considerations

The FortiClient configuration file is user-editable. The file uses XML format for easy parsing and validation. The configuration file includes all client configurations and references the client certificates.

Input validation

The import function performs basic validation and writes to log when it finds errors or warnings. Default values for omitted items are defined for VPN connections. For other settings, it ignores omitted values.

Handling password fields

When exporting, FortiClient encrypts password and username fields (prefixed with Enc). However, the import function can take the clear text or encrypted format.

Importing configuration file segments

Importing a configuration file segment is valid. However, the segment should follow the syntax and level that this document defines. For example, this is a valid segment:

<?xml version=”1.0” encoding=”utf-8”?>

<forticlient_configuration>

<VPN>

<SSLVPN>

<connections>

<connection>

// connection 1

</connection>

</connections>

</SSLVPN>

</VPN>

</forticlient_configuration>

This is an invalid segment:

<?xml version=”1.0” encoding=”utf-8”?>

<connections>

<connection>

// connection 1

</connection>

</connections>

Client certificate

The configuration file includes the client certificate(s) when exported in an encrypted format.