For FortiGate administrators, a free version of FortiClient VPN is available which supports basic IPsec and SSL VPN and does not require registration with EMS. This version does not include central management, technical support, or some advanced features.
When the free VPN client is run for the first time, it displays a disclaimer. You cannot configure or create a VPN connection until you accept the disclaimer and click I accept:
To configure an SSL VPN connection:
- On the Remote Access tab, click on the settings icon and then Add a New Connection.
- Select SSL-VPN, then configure the following settings:
Select Prompt on connect or the certificate from the dropdown list.
Select Prompt on login for a prompt on the connection screen
- Click Save to save the VPN connection.
To connect to SSL VPN:
- On the Remote Access tab, select the VPN connection from the dropdown list.
Optionally, you can right-click the FortiTray icon in the system tray and select a VPN configuration to connect.
- Enter your username and password.
- Click the Connect button.
- After connecting, you can now browse your remote network. Traffic to 192.168.1.0 goes through the tunnel, while other traffic goes through the local gateway. FortiClient displays the connection status, duration, and other relevant information.
- Click the Disconnect button when you are ready to terminate the VPN session.
To check the SSL VPN connection using the GUI:
- On the FortiGate, go to VPN > Monitor > SSL-VPN Monitor to verify the list of SSL users.
- On the FortiGate, go to Log & Report > Forward Traffic to view the details of the SSL entry.
To check the tunnel log in using the CLI:
get vpn ssl monitor SSL VPN Login Users: Index User Auth Type Timeout From HTTP in/out HTTPS in/out 0 sslvpnuser1 1(1) 291 10.1.100.254 0/0 0/0 SSL VPN sessions: Index User Source IP Duration I/O Bytes Tunnel/Dest IP 0 sslvpnuser1 10.1.100.254 9 22099/43228 10.212.134.200