Remote Access
This topic contains descriptions of general remote access settings.
| Configuration | Sub-option | Description |
|---|---|---|
| Remote Access | | Enable or disable remote access. Enable or disable the eye icon to show or hide this feature from the end user in FortiClient. |
| General | | |
| Allow Personal VPN | | Allow users to create, modify, and use personal VPN configurations. |
| Disable Connect/Disconnect | | Disable the Connect/Disconnect button when using Auto Connect with VPN. |
| Show VPN before Logon | | Allow users to select a VPN connection before logging into the system. |
| | Use Windows Credentials | If allowing users to select a VPN connection before logging into the system, enable this option to allow them to use their current Windows username and password. |
| Minimize FortiClient Console on Connect | | Minimize FortiClient after successfully establishing a VPN connection. |
| Show Connection Progress | | Display information on the FortiClient dashboard while establishing connections. |
| Suppress VPN Notifications | | Block FortiClient from displaying any VPN connection or error notifications. |
| Use Vendor ID | | Use vendor ID. Enter the vendor ID in the Vendor ID field. |
| Enable Secure Remote Access | | FortiClient denies or allows the endpoint to connect to a VPN tunnel based on the tunnel's Host Tag configuration. See the Host Tag field description in SSL VPN and IPsec VPN. |
| Current Connection | | Select the current VPN tunnel. |
| | Auto Connect | Select a VPN tunnel for endpoints to automatically connect to when the end user logs into the endpoint. The end user must have established a VPN connection manually at least once from the FortiClient GUI. |
| | Auto Connect Only When Off-Fabric | Autoconnect to the selected VPN tunnel only when EMS considers the endpoint off-fabric. See On-fabric Detection Rules. |
| Always Up Max Tries | | Maximum number of attempts to retry a VPN connection lost due to network issues. If set to 0, it retries indefinitely. |
| Network Lockdown | | Configure network lockdown for off-fabric endpoints when they are not connected to SSL VPN. When network lockdown is configured and an endpoint goes off-fabric, the grace period that the EMS administrator configured comes into effect. During the grace period, the endpoint can continue to access the LAN and the internet without restrictions. If the endpoint does not connect to SSL VPN by the end of the grace period, it cannot access the LAN or the internet. It can still access IP addresses and applications that the EMS administrator has configured as exceptions. FortiClient blocks both incoming and outgoing connection traffic unless the EMS administrator has configured it as an exception. After the end of the grace period, the endpoint can connect to VPN to regain internet access. For a full tunnel VPN, the LAN is only accessible if exclusive routing is disabled. The administrator configures a limited number of attempts for the end user to enter valid VPN credentials. Once the user reaches the limit, the endpoint is in network lockdown. This feature only supports SSL VPN on FortiClient (Windows). |
| Grace Period | | Configure a grace period in seconds during which an off-fabric endpoint that is not connected to SSL VPN can continue to access the LAN and the internet without restrictions. |
| Maximum Connection Attempts | | Configure the maximum number of attempts for the end user of an off-fabric endpoint to enter valid SSL VPN credentials. |
| Paths to Excluded Applications | | Enter the path to applications that an off-fabric endpoint that is not connected to SSL VPN can still access. |
| Excluded IPs | | Enter IP addresses that an off-fabric endpoint that is not connected to SSL VPN can still access. |
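
The Network Lockdown behaviour described in the table, modelled as an added example (not FortiClient or EMS code), so an administrator can check how Grace Period, Maximum Connection Attempts and the two exception lists combine before rolling out a profile. All class, function and field names are hypothetical, the sample values are constructed, and case-insensitive matching of Windows paths is an assumption.

```python
"""Model of the Network Lockdown rules above. Not FortiClient code; names are hypothetical."""
from dataclasses import dataclass, field
from ipaddress import ip_address
import ntpath


@dataclass
class LockdownPolicy:
    grace_period_s: int                               # Grace Period (seconds)
    max_attempts: int                                 # Maximum Connection Attempts
    excluded_apps: set = field(default_factory=set)   # Paths to Excluded Applications
    excluded_ips: set = field(default_factory=set)    # Excluded IPs

    def __post_init__(self):
        # Assumption: Windows paths are compared case-insensitively.
        self.excluded_apps = {ntpath.normcase(p) for p in self.excluded_apps}
        self.excluded_ips = {ip_address(i) for i in self.excluded_ips}


@dataclass
class EndpointState:
    on_fabric: bool
    sslvpn_connected: bool
    seconds_off_fabric: int = 0
    failed_vpn_attempts: int = 0


def in_lockdown(policy, state):
    """True once the grace period has ended or the attempt limit is reached."""
    if state.on_fabric or state.sslvpn_connected:
        return False
    return (state.seconds_off_fabric >= policy.grace_period_s
            or state.failed_vpn_attempts >= policy.max_attempts)


def allow_connection(policy, state, remote_ip, app_path):
    """Decide one incoming or outgoing connection; the client's own VPN traffic is not modelled."""
    if not in_lockdown(policy, state):
        return True
    if ip_address(remote_ip) in policy.excluded_ips:
        return True
    return ntpath.normcase(app_path) in policy.excluded_apps


# Constructed sample policy: 5-minute grace period, 3 credential attempts.
SAMPLE_POLICY = LockdownPolicy(300, 3, {r"C:\Tools\helpdesk.exe"}, {"192.0.2.10"})
```

A short grace period combined with an empty exception list leaves a locked-down endpoint with no reachable destinations except the VPN itself, so support tooling that must work before VPN login belongs in the exception lists.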