Fortinet black logo

Design considerations

Design considerations

The FortiClient configuration file is user-editable. The file uses XML format for easy parsing and validation. The configuration file is inclusive of all client configurations and references the client certificates.

Input validation

The import function performs basic validation and writes to log when errors or warnings are found. Default values for omitted items are defined for VPN connections. For other settings omitted values are ignored.

Handling password fields

When exporting, FortiClient encrypts password and username fields (prefixed with Enc). However, the import function can take the clear text or encrypted format.

Importing configuration file segments

It is valid to import a segment of a configuration file. However, the segment should follow the syntax and level defined in this document. For example, this is a valid segment:

<?xml version=”1.0” encoding=”utf-8”?>

<forticlient_configuration>

<VPN>

<SSLVPN>

<connections>

<connection>

// connection 1

</connection>

</connections>

</SSLVPN>

</VPN>

</forticlient_configuration>

This is not a valid segment:

<?xml version=”1.0” encoding=”utf-8”?>

<connections>

<connection>

// connection 1

</connection>

</connections>

Client certificate

The configuration file includes the client certificate(s) when exported in an encrypted format.

Design considerations

The FortiClient configuration file is user-editable. The file uses XML format for easy parsing and validation. The configuration file is inclusive of all client configurations and references the client certificates.

Input validation

The import function performs basic validation and writes to log when errors or warnings are found. Default values for omitted items are defined for VPN connections. For other settings omitted values are ignored.

Handling password fields

When exporting, FortiClient encrypts password and username fields (prefixed with Enc). However, the import function can take the clear text or encrypted format.

Importing configuration file segments

It is valid to import a segment of a configuration file. However, the segment should follow the syntax and level defined in this document. For example, this is a valid segment:

<?xml version=”1.0” encoding=”utf-8”?>

<forticlient_configuration>

<VPN>

<SSLVPN>

<connections>

<connection>

// connection 1

</connection>

</connections>

</SSLVPN>

</VPN>

</forticlient_configuration>

This is not a valid segment:

<?xml version=”1.0” encoding=”utf-8”?>

<connections>

<connection>

// connection 1

</connection>

</connections>

Client certificate

The configuration file includes the client certificate(s) when exported in an encrypted format.