By Manny Fernandez

May 18, 2020

FortiClient CLI for Linux using Realms

Last year I wrote an article about installing FortiClient on a Linux machine.  There were two options: CLI and GUI.  Today a customer told me he was unable to connect to an SSL VPN I had set up that had multiple realms.  His connection was failing.  I had tested on my MacBook, a WinDoze 10, and on my iPhone with much success, but he was unable to.  I did a Zoom meeting with him and realized that he was ssh'ing to a Linux VM and running from there.  Here is a quick article showing the proper syntax for the CLI when using realms.

FortiClient command line syntax

./forticlientsslvpn_cli --server vpn.myinfoseclab.com:4443/contractor --vpnuser tstark

FortiGate Realm Configuration

On the FortiGate you would have a configuration similar to this:

Realm

Note:  You will need to enable SSL-VPN Realms by choosing System, then Feature Visibility, then enabling SSL-VPN Realms.

Next, go to VPN then SSL-VPN Realms then Create New

Portal

Now you will need to create a VPN Profile to be used by Contractors.  This will allow you to define a different VPN pool of addresses, split or non-split tunneling, etc.

I have already created a VPN tunnel for a previous portal named BananaSplit

Authentication Portal Mapping

You will then need to match the User/Group and the specific realm (contractors) with the portal (BananaSplit).

Policy

Now we need to have a policy that contains the Contractor-Group.
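
The GUI steps above expressed as FortiOS CLI, as an added example that is not part of the original article. The realm name contractor is taken from the URL path in the client command, rule ID 1 is an assumption, and the portal BananaSplit and the group Contractor-Group are assumed to exist already.

```fortios
# Added example, not from the original article.
# Make the SSL-VPN Realms menu visible in the GUI
# (System > Feature Visibility).
config system settings
    set gui-sslvpn-realms enable
end

# Create the realm. Its name is the URL path the client appends to
# --server (vpn.myinfoseclab.com:4443/contractor), so the two must match.
config vpn ssl web realm
    edit "contractor"
    next
end

# Authentication/Portal Mapping: users in Contractor-Group who connect
# through the contractor realm are given the BananaSplit portal.
# Rule ID 1 is an assumption; use the next free ID on your unit.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "Contractor-Group"
            set portal "BananaSplit"
            set realm "contractor"
        next
    end
end

# A firewall policy from the SSL-VPN interface (ssl.root by default)
# must also list Contractor-Group as a source, as described above.
```

A user who is mapped only through a realm rule and connects without the realm path does not match that rule, which is consistent with the failed CLI connection described at the top of the article.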


Hope this helps
