FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
gfantappie
Staff
Staff
Article Id 192391

Description
This article describes how to install  FortiClient v4.00 MR2 to support IKE Mode Config.

Scope
FortiClient v4.00 MR2 and above

Solution
To enable IKE Mode Config feature, FortiClient must be installed with the following switch from a Windows command prompt :

> msiexec /i FortiClient.msi IKEVENDORID=CISCO-UNITY


This switch will add to "Acquire virtual IP address" menu the "Mode Config" button,  which has to be selected for this configuration.
Additionally "eXtended Authentication" must be set to let the IKE Mode Config work.

gfantappie_FD32514_FD32514_3.jpg


FortiGate VPN basic configuration example with Mode Config :

config vpn ipsec phase1-interface
    edit "vpn1"
        set type dynamic
        set interface "wan1"
        set proposal 3des-sha1 aes128-sha1
        set xauthtype auto
        set mode-cfg enable
        set authusrgrp "
group"
        set ipv4-start-ip 10.10.10.1
        set ipv4-end-ip 10.10.10.254
        set ipv4-netmask 255.255.255.0
        set ipv4-dns-server1 192.168.183.2
        set ipv4-split-include "internal_subnet"
        set domain "fortinet"
        set psksecret <psksecret>
    next
end

config vpn ipsec phase2-interface
    edit "vpn2"
        set phase1name "vpn1"
        set proposal 3des-sha1 aes128-sha1
    next
end

config user local
    edit "fortinet_user"
        set type password
        set passwd <password>
    next
end

config user group
    edit "group"
            set member "fortinet_user"            
    next
end


Note : appropriate FortiGate firewall policies and static routes are required to complete the VPN example.



Contributors