FortiClient Scripting Nov2015

Uploaded by

SJ.4747
FortiClient Scripting Examples

11/11/2015

© Copyright Fortinet Inc. All rights reserved.


Summary

• The following deck will give examples of:
  » XML configurations for LDAP and Certificate based setup
  » Batch scripting for applying the XML config
  » Batch scripting for silently installing the FortiClient software
  » Batch scripting for silently removing the FortiClient software

XML Files

• The FortiClient config XML files are fully customisable
• There is an XML Reference Guide to help with customisation
• Full or partial XML files can be imported into FortiClient
• Usernames, Passwords, Pre-Shared Keys and Certificate Names can be imported into FortiClient in either clear text or encrypted format
• XML config can be imported directly from a script or pushed from the FortiGate/FortiManager

FortiClient - Install

1. Download required version of FortiClient Tools from Support.Fortinet.com
2. Extract ZIP onto administrator machine
3. Within the folder FortiClientConfigurator run FortiClientConfigurator.exe
4. Follow Step-By-Step guide

FortiClient Configurator – Step By Step Guide

FortiClient – Silent Install

• Using the MSI and MST from the Active Directory folder of the custom install
• Script can be used to silently install FortiClient onto the client

• Script – FortiClient Deploy
  » msiexec /passive /i "FortiClient.msi" TRANSFORMS=FortiClient.mst

FortiClient – Removal

• The FortiClient Tool set comes with a FortiClient removal tool
• FCRemove is located in SupportUtils

• Script – FortiClient Removal
  » wmic product where name="FortiClient" call uninstall /nointeractive
  » FCRemove.exe
  » shutdown -r

LDAP_Base_Config.XML

• This is the initial XML to be deployed onto a newly installed client
• Enter in clear text the Pre-Shared Key, Username and Password
• Validate the VPN config, edit if required

Importing LDAP_Base_Config.XML

• The shown script will import the edited file and encrypt the Pre-shared Key, Username and Password
• It will also import the required VPN setup
• The final step is to export the encrypted config onto the client in case it is required

• Script – LDAP_Base_Config.bat
  » fcconfig -m all -f c:\LDAP_Base_Config.xml -o import -i 1
  » del c:\LDAP_Base_Config.xml
  » fcconfig -m all -f c:\backout\Enc_LDAP_Base_Config.xml -o export -i 1

Cert_Base_Config.XML

• This is the XML to be deployed onto a newly installed client for Cert Auth
• Place Cert / Key in C:/Program Files/Fortinet/FortiClient/cert/local/
• Enter in clear text the Certificate Name

Importing Cert_Base_Config.XML

• The shown script will import the edited file and encrypt the certificate details
• The final step is to export the encrypted config onto the client in case it is required

• Script - Cert_Base_Config.bat
  » fcconfig -m all -f c:\Cert_Base_Config.xml -o import -i 1
  » del c:\Cert_Base_Config.xml
  » fcconfig -m all -f c:\backout\Enc_Cert_Base_Config.xml -o export -i 1

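Both import scripts (LDAP_Base_Config.bat and Cert_Base_Config.bat) rely on the exported backout file no longer holding the values that were entered in clear text. The following added example (not part of the original deck) compares a staged file with its export and lists any secret that survived verbatim; the tag names in SECRET_TAGS and both sample documents are constructed placeholders, so take the real element names from the XML Reference Guide.

```python
import xml.etree.ElementTree as ET

# Hypothetical tag names for secret-bearing elements (assumption, not from the deck).
SECRET_TAGS = {"psk", "username", "password"}

# Constructed sample of a staged clear-text file.
STAGED = """<vpn_sample><connection>
  <name>ATM_Lon</name>
  <psk>Sample-PSK-123</psk>
  <username>jdoe</username>
  <password>S3cret!pass</password>
</connection></vpn_sample>"""

# Constructed sample of an export; the placeholder strings stand in for
# whatever encrypted form the client really writes.
EXPORTED_OK = """<vpn_sample><connection>
  <name>ATM_Lon</name>
  <psk>ENC-PLACEHOLDER-A</psk>
  <username>ENC-PLACEHOLDER-B</username>
  <password>ENC-PLACEHOLDER-C</password>
</connection></vpn_sample>"""

def cleartext_secrets(staged_xml, tags=SECRET_TAGS):
    """Values of the secret-bearing elements in the staged (clear-text) file."""
    return {el.text.strip() for el in ET.fromstring(staged_xml).iter()
            if el.tag in tags and el.text and el.text.strip()}

def _values(xml_text):
    """Every element text and attribute value in a document, XML-unescaped."""
    vals = set()
    for el in ET.fromstring(xml_text).iter():
        if el.text and el.text.strip():
            vals.add(el.text.strip())
        vals.update(v.strip() for v in el.attrib.values())
    return vals

def leaked_into_export(staged_xml, exported_xml, tags=SECRET_TAGS):
    """Clear-text secrets that still appear unchanged in the exported file."""
    return sorted(cleartext_secrets(staged_xml, tags) & _values(exported_xml))

if __name__ == "__main__":
    print(leaked_into_export(STAGED, EXPORTED_OK))
```

Run it on the administrator machine against a copy of the staged file and the collected backout file; a non-empty result means the export should not be left on the client.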
XML Example Configs

• LDAP_Base_Config
  » Example Config
• Cert_Base_Config
  » Example Config

Key XML Settings – AutoConnect / Always Up

• Enabling VPN autoconnect
  » VPN auto connect uses the following XML tag:
    • <autoconnect_tunnel>ATM_Lon</autoconnect_tunnel>
• Inside:
  » <vpn>
    • <options>

• Enabling VPN always up
  » VPN always up uses the following XML tag:
    • <keep_running>1</keep_running>
• Inside:
  » <vpn>
    • <connection>

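A pre-deployment check for the two tags above, as an added example that is not part of the original deck: it reports which tunnel is set to auto-connect, whether a connection of that name is actually defined, and which connections have keep_running set to 1. The sample document is constructed; the <name> element and the wrapper elements around <connection> are assumptions, and connections are found by a descendant search because the slide abbreviates the path.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only <vpn>, <options>, <connection>, <autoconnect_tunnel>
# and <keep_running> come from the slide; everything else is an assumption.
SAMPLE = """<forticlient_configuration>
  <vpn>
    <options>
      <autoconnect_tunnel>ATM_Lon</autoconnect_tunnel>
    </options>
    <ipsecvpn><connections>
      <connection><name>ATM_Lon</name><keep_running>1</keep_running></connection>
      <connection><name>ATM_Backup</name><keep_running>0</keep_running></connection>
    </connections></ipsecvpn>
  </vpn>
</forticlient_configuration>"""

def vpn_settings_report(xml_text):
    """Summarise the autoconnect / always-up settings of a full or partial config."""
    root = ET.fromstring(xml_text)
    # Accept a partial file whose root is <vpn> as well as a full config.
    vpn = root if root.tag == "vpn" else root.find(".//vpn")
    if vpn is None:
        raise ValueError("no <vpn> element in config")
    auto = (vpn.findtext("options/autoconnect_tunnel") or "").strip()
    names, always_up = [], []
    for conn in vpn.iter("connection"):
        name = (conn.findtext("name") or "").strip()
        names.append(name)
        if (conn.findtext("keep_running") or "").strip() == "1":
            always_up.append(name)
    return {
        "autoconnect_tunnel": auto,
        # False when the tag is empty or names a tunnel that is not defined.
        "tunnel_defined": bool(auto) and auto in names,
        "always_up": sorted(always_up),
    }

if __name__ == "__main__":
    print(vpn_settings_report(SAMPLE))
```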
Key XML Settings - Create Redundant IPSec VPN

Central Management - FortiClient

• To allow central management of the XML configuration go onto the relevant FortiGate and within the CLI:
  » config endpoint-control profile
  » edit <profile_name>
  » config forticlient-winmac-settings
  » set forticlient-advanced-cfg enable
  » end
  » end
• Partial XML configurations can be pushed down

Admin and Reference Guides

• FortiClient Admin Guide
  » http://docs.fortinet.com/d/forticlient-524-admin-guide
• FortiClient XML Reference Guide
  » http://docs.fortinet.com/d/forticlient-5.2.4-xml-reference
• FortiClient 5.2.4 Release Notes
  » http://docs.fortinet.com/d/forticlient-5.2.4-windows-release-notes.pdf
