Deploying FortiClient VPN Only

fb
New Contributor II

Hello everyone,

 

we try to deploy "FortiClient VPN Only" via Jamf Pro. 

I saw in the forum that there is an existing tutorial for the licensed version of the FortiClient with the install.mpkg file but nothing for the "VPN Only"-Client wich has no install.mpkg.

If we try to deploy this version we only get a blank window after starting FortiClient.

Is there anybody who is deploying "FortiClient VPN Only"?

 

Best regards,

Felix

1 ACCEPTED SOLUTION

fb
New Contributor II

Hello,

we found that installing with the "VPN Only" installer from the Fortinet homepage does not work (there is simply no install.mpkg there). 

Fortunately, it then worked without any problems with the installer, which you can download from https://support.fortinet.com/ with a Fortinet account.

That then ran analogously to the FortiClient tutorial here in the forum.

 

Best regards,

Felix

 

View solution in original post

9 REPLIES 9

Kamel_Metawh
New Contributor

Hi @fb .

Does the "FortiClient VPN Only" have any custom config. files that need to be installed.
We use FortiClient for VPN and we have a (.dmg) file that has the install.mpkg and 2 "custom config. files" that have all our custom settings generated from our FortiClient EMS portal. when we're testing deploying FortiClient via Jamf Pro and the "custom config. files" were not installed correctly we're getting a blank window after starting FortiClient.

Once we fixed the issue with installing the "custom config. files" correctly, everything worked fine all our custom settings & custom VPN connection was loading fine. 
The 2 config files: (custom.conf) & (default.conf).

 

Hi @Kamel_Metawh 

I was looking to deploy a custom config version of 7.0.1 from my EMS portal and ran into a similar blank window. 

Can I brain pick you on your method of installing the custom.conf and default.conf files? 

I followed this guide to make a policy with a separate settings package and the installer.mpkg  https://community.jamf.com/t5/jamf-pro/tutorial-forticlient-6-4-x-deploy-with-config/td-p/232233#res...

I was able to see the custom VPN configuration until I went to authenticate in the remote access tab. After entering my creds the remote access tab disappeared and Forticlient looked like a blank unconfigured slate. 

 

Hi @HelpDeskDog, So basically I created a new folder and copied the (Install.mpkg & fctdata folder "the folder that contains our 2 custom .config files") from the (.dmg) to the new folder called (FortiClient_6.4.1).

Now drag & drop the new folder into the composer app. and add the following script to the post install scripts:

#!/bin/bash

cd /library/Application Support/JAMF/temp/

hdiutil attach -nobrowse FortiClient_6.4.1.dmg

cd /Volumes/FortiClient/install.mpkg

installer -pkg install.mpkg -target /

cd /

sleep 20

hdiutil detach /Volumes/FortiClient

cd /library/Application Support/JAMF/temp/

echo "cleaning up"

rm FortiClient_6.4.1.dmg

 

Once you and the script to the post install, build a (.dmg) file and add it to to your VPN jamf policy.

Screenshot 2022-08-15 at 14.55.23.png

 

Thank you! I appreciate your reply. I'll test this out on 7.0.1

fb
New Contributor II

Hello,

we found that installing with the "VPN Only" installer from the Fortinet homepage does not work (there is simply no install.mpkg there). 

Fortunately, it then worked without any problems with the installer, which you can download from https://support.fortinet.com/ with a Fortinet account.

That then ran analogously to the FortiClient tutorial here in the forum.

 

Best regards,

Felix

 

Ferdi
New Contributor

The problem with this is that it is install only and won't perform an update in the future when you need the newest version

jttavares
New Contributor III

IDK, I have had nothing but problems with Forticlient VPN only.  I have had to revert back to version 6.4.1 which I have successfully used using Self Service creating a pkg with Composer shapshot.  Forticlient versions 7,  I get constant issues.  We use Single Sign On, and the client connects, then immediately disconnects.  I have given up troubleshooting as I don't have the cycles to keep digging into this since Forticlient support is useless.  6.4.1 just seems to work, even with Monterey.   I wish there was full documented procedure on deploying this as well as documented PPPC configuration.   I even manually loaded version 7 under an admin account, and still the connection last about a second, then just disconnects.  So frustrating.

ianatkinson
Contributor

Just putting some info in here to help others who might be searching for this.

You can get a pkg out of FortiClient without having a log in though it's a bit of a faff, certainly easier to download it from the support website as long as you have an account:

  • Download the FortiClient VPN from https://www.fortinet.com/support/product-downloads#vpn (this is a wrapper only)
  • Run the downloaded app, this will get forticlient from the Internet
  • cd $(find /System/Volumes/Data/private -name "fctupdate" -type d 2>&1 | grep fctupdate)
  • Copy out the Install.mpkg file from the DMG in the folder above, this is the actual installer

That's what I was doing before I found this and realised you could download it properly :)

Also I've discovered that updating the FortiClient VPN is fiddly as the installer insists on an uninstall of the previous version. They provide an uninstaller however this is a GUI so won't automate with JAMF (unless there's some flag that can be passed to it that I don't know about).

This small script seems to work OK though and can be run before installing the new version:

 

 

#/usr/bin/env zsh

if [ -d /Applications/FortiClient.app ] ; then
echo "removing previous FortiClient"
pkill -i forticlient
chflags noschg /Applications/FortiClient* # remove lock
rm -rf /Application/FortiClient*
rm -rf /Library/Application\ Support/Fortinet
fi

Thank you Ian, I used this method with success today after I was unable to locate the installer that is referred to above on the FortiNet support page.