Connecting VPNs before logging on (AD environments)
The VPN <options>
tag holds global information controlling VPN states. The VPN connects first, then logs on to Active Directory (AD)/domain.
<forticlient_configuration> <vpn> <ipsecvpn> <options> <show_vpn_before_logon>1</show_vpn_before_logon> <use_windows_credentials>1</use_windows_credentials> </options> <connections> <connection> <name>psk_90_1</name> <type>manual</type> <ike_settings> <prompt_certificate>0</prompt_certificate> <server>10.10.90.1;ipsecdemo.fortinet.com;172.17.61.143</server> <redundantsortmethod>1</redundantsortmethod> <auth_data> <certificate> <common_name> <match_type> <![CDATA[wildcard]]> </match_type> <pattern> <![CDATA[*]]> </pattern> </common_name> <issuer> <match_type> <![CDATA[simple]]> </match_type> <pattern> <![CDATA[Certificate Authority]]> </pattern> </issuer> </certificate> </auth_data> ... </ike_settings> </connection> </connections> </ipsecvpn> </vpn> </forticlient_configuration>
This is a balanced but incomplete XML configuration fragment. It includes all closing tags but omits some important elements to complete the IPsec VPN configuration.
RedundantSortMethod = 1
This XML tag sets the IPsec VPN connection as ping-response-based. The VPN connects to the FortiGate which responds the fastest.
RedundantSortMethod = 0
By default, RedundantSortMethod =0 and the IPsec VPN connection is priority-based. Priority-based configurations try to connect to the FortiGate starting with the first in the list.