smashytech
New Contributor

IPSEC vpn with certificate auth on forticlient

Hi,

 

We're trying to set up cert based authentication via forticlient in our environment. We're running 5.6.6 and we have a working ipsec with local user /pw setup. However, we now want to move to a cert based authentication.

We're not really getting past phase 1, and we have a really hard time debugging this to see what the issue is.

 

I've looked at these guides and examples:

https://docs.fortinet.com/document/forticlient/6.0.5/xml-reference-guide/673310/ipsec-vpn

and

https://cookbook.fortinet.com/ipsec-vpn-with-forticlient-56/

 

To clear out the obvious:

And this is the same on the forticlient settings.

 

 

 

2 REPLIES
sonarden
New Contributor

Are you using FortiClient EMS or a standalone client?

sonarden

The reason I ask is because the tunnel will not even try to connect if you have two Diffie-Hellman groups in the FortiClient configuration, since the tunnel will not even build if the FortiClient profile is propagated from EMS. The client acts as if it is trying to connect, but it is not.

I have dozens of certificate authenticating clients right now that are working with both xauth and MFA right now.

I hope this helps.
