Remote Access
This topic contains descriptions of general remote access settings.
| Configuration | Description |
|---|---|
| Remote Access | Enable or disable remote access. Enable or disable the eye icon to show or hide this feature from the end user in FortiClient. |
| General | |
| Allow Personal VPN | Allow users to create, modify, and use personal VPN configurations. |
| Show VPN before Logon | Allow users to select a VPN connection before logging into the system. |
| Use Windows Credentials | If allowing users to select a VPN connection before logging into the system, enable this option to allow them to use their current Windows username and password. |
| Minimize FortiClient Console on Connect | Minimize FortiClient after successfully establishing a VPN connection. |
| Show Connection Progress | Display information on the FortiClient dashboard while establishing connections. |
| Suppress VPN Notifications | Block FortiClient from displaying VPN connection or error notifications. |
| Disable Internet Check | When disabled, VPN autoconnect only starts when the internet is accessible. When enabled, VPN autoconnect starts even if FortiClient cannot access the internet. |
| Use Vendor ID | Use vendor ID. Enter the vendor ID in the Vendor ID field. |
| Enable Secure Remote Access | FortiClient denies or allows the endpoint to connect to a VPN tunnel based on the tunnel's Host Tag configuration. See the Host Tag field description in SSL VPN and IPsec VPN. |
| Current Connection | Select the current VPN tunnel. |
| Auto Connect | Select a VPN tunnel for endpoints to automatically connect to when the end user logs into the endpoint. The end user must have established a VPN connection manually at least once from the FortiClient GUI. |
| Auto Connect Only When Off-Fabric | Autoconnect to the selected VPN tunnel only when EMS considers the endpoint off-fabric. See On-fabric Detection Rules. |
| Always Up Max Tries | Maximum number of attempts to retry a VPN connection lost due to network issues. If set to 0, it retries indefinitely. |
| Network Lockdown | Configure network lockdown for off-fabric endpoints when they are not connected to SSL VPN. When network lockdown is configured and an endpoint goes off-fabric, a grace period that the EMS administrator configured comes into effect. During the grace period, the endpoint can continue to access LAN and the Internet without restrictions. If the endpoint does not connect to SSL VPN by the end of the grace period, the endpoint cannot access LAN and the Internet. It can still access IP addresses and applications that the EMS administrator has configured as exceptions, as well as connect to VPN to regain Internet access. For a full tunnel VPN, LAN is only accessible if exclusive routing is disabled. The administrator configures a limited number of attempts for the end user to enter valid VPN credentials. Once the user reaches the limit, the endpoint is in network lockdown. This feature only supports SSL VPN on FortiClient (Windows) and (macOS). |
| Grace Period | Configure a grace period in seconds during which an off-fabric endpoint that is not connected to SSL VPN can continue to access LAN and the Internet without restrictions. |
| Maximum Connection Attempts | Configure the maximum number of attempts for the end user of an off-fabric endpoint to enter valid SSL VPN credentials. |
| Excluded Applications | Enter the path to applications that an off-fabric endpoint that is not connected to SSL VPN can still access. |
| Excluded IPs | Enter IP addresses that an off-fabric endpoint that is not connected to SSL VPN can still access. |
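
The following is an added illustration, not FortiClient or EMS code: a small model of the Network Lockdown behavior described above, useful for reasoning about which flows a given Grace Period, Maximum Connection Attempts, and exception list would leave open. The class, field, and function names are hypothetical, and the exact grace-period boundary and case-insensitive path matching are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class LockdownPolicy:              # hypothetical names mirroring the table rows
    grace_period_s: int            # Grace Period (seconds)
    max_attempts: int              # Maximum Connection Attempts
    excluded_ips: tuple = ()       # Excluded IPs
    excluded_apps: tuple = ()      # Excluded Applications (full paths)

@dataclass(frozen=True)
class EndpointState:
    on_fabric: bool
    ssl_vpn_connected: bool
    seconds_off_fabric: int
    failed_vpn_attempts: int

def in_lockdown(policy: LockdownPolicy, state: EndpointState) -> bool:
    """True when the description above puts the endpoint in network lockdown."""
    if state.on_fabric or state.ssl_vpn_connected:
        return False               # lockdown targets off-fabric endpoints without SSL VPN
    if state.failed_vpn_attempts >= policy.max_attempts:
        return True                # credential attempt limit reached
    # Assumption: lockdown starts exactly when the grace period has elapsed.
    return state.seconds_off_fabric >= policy.grace_period_s

def flow_allowed(policy: LockdownPolicy, state: EndpointState,
                 dest_ip: str, app_path: str) -> bool:
    """Decide one outbound flow; VPN reconnection traffic is not modelled here."""
    if not in_lockdown(policy, state):
        return True
    dest = ip_address(dest_ip)
    if any(dest == ip_address(ip) for ip in policy.excluded_ips):
        return True
    # Assumption: application exceptions match on the full path, case-insensitively.
    return app_path.lower() in {p.lower() for p in policy.excluded_apps}

# Constructed sample policy and endpoint states (not taken from any real deployment).
POLICY = LockdownPolicy(300, 3, ("192.0.2.10",), (r"C:\Tools\helpdesk.exe",))
IN_GRACE = EndpointState(False, False, 120, 0)
EXPIRED = EndpointState(False, False, 300, 0)
OUT_OF_TRIES = EndpointState(False, False, 10, 3)

if __name__ == "__main__":
    for name, st in [("in grace", IN_GRACE), ("expired", EXPIRED), ("out of tries", OUT_OF_TRIES)]:
        print(name, in_lockdown(POLICY, st),
              flow_allowed(POLICY, st, "198.51.100.7", r"C:\Apps\browser.exe"),
              flow_allowed(POLICY, st, "192.0.2.10", r"C:\Apps\browser.exe"))
```

Every entry in the exception lists stays reachable for the whole time the endpoint is locked down, so the model makes it easy to see what a proposed list leaves open before it is rolled out.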