By Manny Fernandez

March 24, 2020

Create Custom Install Packages for FortiClient

When you are deploying FortiClient without EMS and you want to create an installation package with pre-configured VPN connections, here is how to do it.  What you are going to need:

  • FortiClient downloaded from support.fortinet.com (NOT from www.forticlient.com)
  • FortiClient Configurator (Please get with your Fortinet sales team to gain access to the Fortinet Developer Network).
  • Computer running a fresh installation of FortiClient with the configuration you want to duplicate.

Lets get started.

Fortinet Developer Network

You will need to reach out to your Fortinet Sales Team and request two Fortinet employees to sponsor you.  Once you get access to the FDN..

2020-03-23_23-51-23

Go to Tools then Personal Toolkit and download FortiClient Configurator

There is a Windows and Mac version of the tool.

Downloading the FortiClient Install

2020-03-23_23-55-26

Go to support.fortinet.com and click Download then Firmware Images

2020-03-23_23-56-05

On the drop down, choose FortiClient then choose Download , Choose your platform and choose the 6.0 client. (6.2+ Requires EMS)

Install FortiClient

You will need to either install a fresh installation of FortiClient & configure it as necessary.  This will be the configuration the subsequent FortiClients will use.

Snag_32e0bfb1

Double-click on the installation package of FortiClient (Not the FortiClient Configurator) and hit Install

Snag_32e0a9a8

If you accept the license agreement, check the box and hit Next

Snag_32e0b0ec

Choose the options that you want to install, in our case we only want Security Fabric Agent which is on by default and Secure Remote Access

NOTE:  If you are installing the Single Sign On Mobility Agent (SSOMA), you can choose Additional Security Features and select the SSOMA.

Snag_32e0b89d

Choose the path and hit Next

Snag_32e0e191

Once the installation is complete, click Finish

Configuring the VPN Connection

Snag_32e4dd96

By default, when you launch FortiClient for the first time, you will be taken to the Compliance and Telemetry tab.  Choose Remote Access

Snag_32e4d4ad

By default, you will not have any VPN connections configured and will see the Configure VPN button in the middle of the screen.

Snag_32e4cec1

Make your configurations based on your VPN Portals on the FortiGate and hit Save

Snag_32e4c8e5

Once you have finished making all the changes you want to make, got to Settings then choose Backup from the top section.

Snag_32e4c1e0

Give it a descriptive name and a path, then click Save

Running FortiClient Configurator

Now we are going to unzip the FortiClient Configurator and run the executable.

Double-click on the executable

Snag_32db3bb4

In this section, you will choose the configuration file you created on the first installation.  Choose it by clicking the ... button next to the blank field.

Snag_32db4f8a

Here you can see the features you want to enable.  As you can see, you have additional Options where you can add shortcuts to different sections and have the client auto-update.  The click Next

Once the configuration completes, you will be able to access the repacked folder beneath the folder you ran the configurator from.

Snag_32db6f38

You have two options, a manual install and an AD install which has a .mst file.

Once you install the package of your choice, you should have the same configuration you have in the previous install.

Snag_32dc23e2

Hope this helps

 

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • If you have ever dug through a drawer full... Full Story

  • In this article, I will cover the basic AC... Full Story

  • OSPF (Open Shortest Path First) is a link-state IGP... Full Story