Connecting to SSL or IPsec VPN
Depending on the FortiClient configuration, you may also have permission to edit an existing VPN connection and delete an existing VPN connection.
Internet Explorer's SSL and TLS settings should be the same as those on the FortiGate.
For FortiClient (macOS), VPN connections requriing FIDO2 authentication is only supported with FortiOS 7.0.1 and later versions.
To connect to SSL or IPsec VPN:
- On the Remote Access tab, select the VPN connection from the dropdown list.
Optionally, you can right-click the FortiTray icon in the system tray and select a VPN configuration to connect.
Provisioned VPN connections are listed under Corporate VPNs. Locally configured VPN connections are listed under Personal VPNs.
- Enter your username and password.
- If a certificate is required, select a certificate. If the VPN tunnel was configured to require a certificate, you must select a certificate. If no certificate is required, the option is hidden in FortiClient. Your administrator may have configured FortiClient to automatically locate a certificate for you.
- Click the Connect button. Depending on the configuration received from EMS, you may also need to accept a disclaimer message to establish the connection.
When connected, FortiClient displays the connection status, duration, and other relevant information. You can browse your remote network. Click the Disconnect button when you are ready to terminate the VPN session.
Based on the Zero Trust tagging rules that your EMS administrator has configured, your endpoint may be unable to connect to VPN. The following shows the notification that the you see when your connection to the VPN tunnel is prohibited due to the applied Zero Trust tags. After you fix the vulnerabilities, FortiClient is allowed to establish the VPN connection.