Configuration guides for IT Administrators

Setup Forticlient Remote Access VPN in FortiGate Firewall

September 24, 2018

⏱︎

Read time:

Setup Forticlient Remote Access VPN in FortiGate Firewall

Please read carefully –

All FortiGate appliances are bundled with 10 free license of managed Forticlient that performs ‘Compliance Check’. If you go beyond 10, then additional license must be purchased. However, if you are using Forticlient for the purpose of VPN alone (without Compliance Check), then you don’t require additional license.

Remote Access VPN (IPSec VPN) provides secure encrypted tunnel for your remote users to access corporate network. Unlike SSL VPN, IPSec Remote Access VPN can be set up without any additional cost of SSL purchase.

Configure Remote Access IPSec VPN in FortiGate Firewall

Step 1 – Create Address Group for Forticlient

Policy & Objects > Addresses > click Create New > click Address Group

You must choose the IP range that is never used in your network. While connecting to FortiGate firewall, Forticlients will receive IP address from this range. For example, 192.168.180.0/24

Step 2 – Create User and User Group

Our recommendation is to configure Active Directory User Group instead of creating local user account on firewall appliance. AD provides lots of convenience in user management.

HostGator

24/7/365 Technical Support, Free Site Building Tools, 4500 Website Templates, Free Shopping Cart Software, Ideal for WordPress, 45 Day Money Back Guarantee

All in One WordPress Hosting

WordPress

High optimized WordPress hosting, secure firewall, HTTPS, Backup, hack-fix guarantee and many others at 30$ per month

Step 3 – VPN Wizard

In the first wizard, choose Remote Access option and FortiClient connectivity.

Specify Pre-shared key for firewall to authorize clients before prompting for additional credentials.

LAN interface is the interface that your local systems are connected.
Client Address Range: specify DHCP pool range for Forticlients, this should be in the same IP range as specified in Step 1.
Split tunnel allows Forticlients to access your corporate systems and at the same, Internet can be accessed over their home, hotel or wherever they are located.

Save Password: Allows the user to save the VPN connection password in the console.
Auto Connect: When FortiClient is launched, the VPN connection will automatically connect.
Always Up (Keep Alive): When selected, the VPN connection is always up even when no data is being processed. If the connection fails, keep alive packets sent to the FortiGate will sense when the VPN connection is available and re-connect.

Step 4 – Create Firewall IPv4 Policy

Final Step – Download and configure Forticlient

Download Forticlient here and establish IPSec VPN connection to your corporate network.

Categories: Firewall, FortiGate

Tags: forticlient, FortiGate, IPSec VPN, remote access vpn

Written By:

Administrator

4 responses to “Setup Forticlient Remote Access VPN in FortiGate Firewall”

download educational ebooks

May 25, 2025

Let’s spread the love! Tag a friend who would appreciate this post as much as you did.

Reply
User Experience & Support

May 25, 2025

Your honesty and vulnerability in sharing your personal experiences is truly admirable It takes courage to open up and I applaud you for it

Reply
SJ Digital Solutions

May 30, 2025

This post was very interesting and provided a lot of useful information. And also please SignUp and get 30USD FREE investment plan at https://investurns.com/

Reply
John Smith

April 14, 2026

I appreciate how this blog promotes self-growth and personal development It’s important to continuously strive to become the best version of ourselves

Reply

Lucas Brey

I’m Lucas Brey, a travel blogger sharing practical guides, hidden gems, and honest tips from the road. Follow along for smart itineraries, great food finds, and stories worth bookmarking.