Worklet: Install Forticlient VPN and provision gateway

  • 9 October 2020
  • 5 replies
  • 254 views

Userlevel 4
Badge

Hi Guys, We use Fortigate Firewall/VPN Concentrators and needed an easy way to push out the newest client with all the gateway settings pre-applied. Shoutouts to @awhitman for helping point us in the right direction with a couple free professional hours.

So basically what we do is run the installer, and then in order to actually modify all the settings we want, we need to throw some regkeys in the HKLM-Software hive. This will allow us to push the app to the end user and its prepopulated with the right URL/path/etc

It’s worth noting, theres 2 versions of the forticlient VPN software, online and full. Online is readily available but if you want the full installer, you need to logon to forticare and download it behind a membership wall.

Things to change:
$pathtourl is your publically accessible vpn concentrator
$gateway is what the end user will see for a friendly name.

Start-Process -Wait -FilePath "FortiClientVPNSetup_6.4.1.1519_x64.exe" -ArgumentList "/S /v /qn /norestart" -passthru

$scriptblock = {
$pathtourl = "Your VPN PATH HERE"
$gateway = "Your desired description name"

$path1 = "HKLM:\\SOFTWARE\Fortinet\FortiClient"
$path2 = "HKLM:\\SOFTWARE\Fortinet\FortiClient\Sslvpn"
$path3 = "HKLM:\\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels"
$RegKeyExists = "HKLM:\\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$gateway"
New-Item -Path $path1 -Name "Sslvpn"
New-Item -Path $path2 -Name "Tunnels"
New-Item -Path $path3 -Name "$gateway"
New-ItemProperty -Path $RegKeyExists -Name 'promptcertificate' -Value '0' -PropertyType DWORD -Force
New-ItemProperty -Path $RegKeyExists -Name 'promptusername' -Value '1' -PropertyType DWORD -Force
New-ItemProperty -Path $RegKeyExists -Name 'Description' -Value "$gateway" -Force
New-ItemProperty -Path $RegKeyExists -Name 'Server' -Value "$pathtourl" -Force
New-ItemProperty -Path $RegKeyExists -Name 'ServerCert' -Value '1' -Force
}
$exitCode = & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock
Exit $exitCode

5 replies

Hi There,

I am sorry, I am quiet new to this forum as well as Automox. the above stated code should be under Evaluation Code ? or Remediation Code. Because there are two boxes that we have to fill up the script. Appreciate for help.

Userlevel 4
Badge

Use required software instead of a worklet, then just copy/paste the code into that codebox ? Also welcome to the community and feel free to join our community slack channel if you’d like!


Thanks to @Mrichards we how have an Automox community slack:


This is a community-run chatroom, so not an official support channel, but I and other Automox folks will be in there to answer quick questions. Hope to see you in there!

 

Thanks Mrichards, I am still confused with worklets and required software 🙂
much appreciated. By the way, is there any code to install this Fortinet for MacOS too?

I was able to get the installer to work great which is usually my sticking point, but I can not get the registry entries to go where they need to go.  They keep going in the WOW6232Node branch.  Any thoughts would be greatly appreciated.

I overthought this...the entry for the PowerShell has to include the ..\sysnative\..  Dont understand it since the folder is not there, but it works.  Also extracted the MSI instead of the EXE which makes it easier pulling into the required software.  Here is that syntax.

Start-Process -FilePath 'msiexec.exe' -ArgumentList '/qn', '/i', '"FortiClientVPN.msi"' -Wait -Passthru

Reply