By Manny Fernandez

May 18, 2020

FortiClient CLI for Linux using Realms

Last year I wrote an article about installing FortiClient on a Linux machine.  There were two options; CLI and GUI.  Today had a customer told me he was unable to connect to an SSL VPN I had set up that had multiple realms.  His connection was failing.  I had tested on my MacBook, a WinDoze 10, and on my iPhone with much success, but he was unable to.  I did a Zoom meeting with him and realized that he was ssh ‘ng to a Linux VM and running from there.  Here is a quick article showing the proper syntax for the CLI when using realms.

FortiClient command line syntax

./forticlientsslvpn_cli --server vpn.myinfoseclab.com:4443/contractor --vpnuser tstark

FortiGate Realm Configuration

On the FortiGate you would have a configuration similar to this:

Realm

Note:  You will need to enable SSL-VPN Realms by choosing System then Feature Visibility then enable SSL-VPN Realms

2020-05-18_16-48-31.png

Next, go to VPN then SSL-VPN Realms then Create New

2020-05-18_16-40-05.png

Portal

Now will need to create a VPN Profile to be used by Contractors.  This will allow you to define a different VPN pool of addresses, split or non-split tunneling, etc.

2020-05-18_16-42-46.png

I have already created a VPN tunnel for a previous portal named BananaSplit

Authentication Portal Mapping

2020-05-18_16-44-06.png

You will then need to match the User/Group with the specific realm (contractors) with the portal (BananaSplit).

Policy

Now we need to have a policy that contains the Contractor-Group.

2020-05-18_16-46-14.png

 

Hope this helps

Recent posts

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story