Connecting VPNs before logging on (AD environments)
The VPN <options>
tag holds global information controlling VPN states. The VPN connects first, then logs on to Active Directory (AD)/domain.
<forticlient_configuration> <vpn> <ipsecvpn> <options> <show_vpn_before_logon>1</show_vpn_before_logon> <use_windows_credentials>1</use_windows_credentials> </options> <connections> <connection> <name>psk_90_1</name> <type>manual</type> <ike_settings> <prompt_certificate>0</prompt_certificate> <server>10.10.90.1;ipsecdemo.fortinet.com;172.17.61.143</server> <redundantsortmethod>1</redundantsortmethod> <auth_data> <certificate> <common_name> <match_type> <![CDATA[wildcard]]> </match_type> <pattern> <![CDATA[*]]> </pattern> </common_name> <issuer> <match_type> <![CDATA[simple]]> </match_type> <pattern> <![CDATA[Certificate Authority]]> </pattern> </issuer> </certificate> </auth_data> ... </ike_settings> </connection> </connections> </ipsecvpn> </vpn> </forticlient_configuration>
This is a balanced but incomplete XML configuration fragment. The fragment includes all closing tags, but omits some important elements to complete the VPN configuration. For a list of all available elements, see the FortiClient XML Reference Guide.
|
Effect |
---|---|
1 |
Sets the IPsec VPN connection as ping response-based. The VPN connects to the FortiGate that responds the most quicky. |
0 |
Default value. The IPsec VPN connection is priority-based. Priority-based configurations try to connect to the FortiGate starting with the first in the list. |