VPN Configuration

vikki · February 24, 2016, 7:49am

Dear Team,

We are using fortinet client for VPN access in our office, We can install the fortinet client package from our bigfix software distribution wizard.

Here we need your help on configure IP address and Port no on Fortinet client sotware through our fixlet , If anyone have idea or fixlets for this please share with me, Its more helpful for us.

Thanks & Regards
Vicky

steini44 · February 24, 2016, 7:57am

Hi @vikki

I don’t think it’s possible to fill in those fields through fixlets. I can think of 2 options:

There are extra parameters with the .exe/msi you can use to fill this in.
There is somewhere a config/ini file that you can adjust so that is filled in.

I did find this online: http://docs.fortinet.com/uploaded/files/2076/forticlient-xml-52.pdf

So probably somewhere there is an xml file with the settings.If so, you can easily upload that xmlfile with the correct settings in IBM and copy it to the clients with a fixlet.

I hope this helps.

Greetings

vikki · February 25, 2016, 7:27am

Hi

I agreed with your statement, I have one option if setup.exe /msi of fortinet and one more config file we need place into single folder and start the setup means its automatically taken the configuration file (like our BES client manual deploy) so please anyone describe the situation on our bigfix software distribution.

Thanks & Regards,
Vicky

steini44 · February 25, 2016, 7:57am

Hi Vicky

Upload the config file with the software distribution. The Sha1 etc will be created for you. Delete everything except for the prefetch block and add the “move” commando at the end like this:

//this is generated automatically
begin prefetch block
  add prefetch item name=E4D18A54877EBCD4D706C3D2AA6487C6CF25E4B6 sha1=e4d18a54877ebcd4d706c3d2aa6487c6cf25e4b6 size=42179169 url=SWDProtocol://127.0.0.1:52311/Uploads/E4D18A54877EBCD4D706C3D2AA6487C6CF25E4B6/filename.bfswd sha256=bb9b09c9cbb7581da5e1c9fb29ca0cffc86b7f02a3df665cddc54b73d51b5ada
end prefetch block

// Move files into subfolders and unescape file names
move "__Download/E4D18A54877EBCD4D706C3D2AA6487C6CF25E4B6" "C:\x\x\filename"

Hope this helps. If the folder needs to be created you can include this:

if {not exists folder "C:\x\x\"}
  folder create "C:\x\x\"
endif

Greetings

jgstew · March 3, 2016, 8:45pm

I recommend having 1 fixlet to install the software and another fixlet to configure it. They can both be taken together in a baseline, or separately.

It is definitely possible to configure software with BigFix in almost all cases.

Here is an example of configuring software that uses an XML file using BigFix: https://bigfix.me/fixlet/details/738

strawgate · March 3, 2016, 8:52pm

One big advantage of the approach @jgstew mentions is that if your configuration fixlet and upgrade fixlets are separate then you can upgrade clients without worrying about their configuration drifting and you can reconfigure clients at the latest version if they become incorrectly configured.

It also means that you don’t need to repackage your VPN installer just because you want to change one setting!

vikki · March 4, 2016, 12:04pm

Thanks for my way open and sure I follow that

karthik04 · June 13, 2020, 3:03pm

@vikki Can you share the script which you used to install Fortinet client on Windows system and also If i want to upgrade the Fortinet client on few systems can i use the installation script.
Lastly were you successful in configuring the VPN through BigFix ?

vikki · July 14, 2020, 9:32am

Hi Karthik

We using msi editor and feed the VPN configuration

Regards
Vicky R