The remote endpoint, WIN10-01, is ready to automatically connect to VPN before logon. The example assumes the following:
- User has logged in to Windows.
- FortiClient is registered to EMS.
- FortiClient received the latest Remote Access profile update from EMS.
- VPN is not established.
In FortiClient, go to the Remote Access tab. The machine-cert-vpn-auto tunnel appears. The matching client certificate should be selected.
This step restarts the Windows computer to demonstrate automatic VPN connection before user logon. It also optionally enables debug logs on the FortiGate to demonstrate the authentication that occurs during the connection.
- In FortiOS, run the following commands:
    diagnose debug enable
    diagnose debug application fnbamd -1
- Trigger a restart on the remote endpoint.
- When Windows boots up and the sign-in screen appears, FortiOS receives the SSL VPN connection request, and the debug output appears in the CLI. Go to the Dashboard > Network > SSL-VPN widget to confirm the tunnel has been established.
- On the Windows sign-in screen, log in with your user credentials. No additional message about a successful VPN tunnel displays.
- In FortiClient on the Remote Access tab, confirm that the tunnel is already established.