Worklet: Install Forticlient VPN and provision gateway

  • 9 October 2020

Hi Guys, We use Fortigate Firewall/VPN Concentrators and needed an easy way to push out the newest client with all the gateway settings pre-applied. Shoutouts to @awhitman for helping point us in the right direction with a couple free professional hours.


So basically what we do is run the installer, and then in order to actually modify all the settings we want, we need to throw some regkeys in the HKLM-Software hive. This will allow us to push the app to the end user and it's prepopulated with the right URL/path/etc.


It’s worth noting, there are 2 versions of the FortiClient VPN software, online and full. Online is readily available but if you want the full installer, you need to log on to FortiCare and download it behind a membership wall.


Things to change:

$pathtourl is your publicly accessible VPN concentrator

$gateway is what the end user will see for a friendly name.


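```powershell
# Silent install of the FortiClient VPN client; the installer is expected in the working directory.
Start-Process -Wait -FilePath "FortiClientVPNSetup_6.4.1.1519_x64.exe" -ArgumentList "/S /v /qn /norestart" -PassThru

$scriptblock = {
    $pathtourl = "Your VPN PATH HERE"
    $gateway = "Your desired description name"

    $path1 = "HKLM:\SOFTWARE\Fortinet\FortiClient"
    $path2 = "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn"
    $path3 = "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels"
    $RegKeyExists = "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$gateway"

    # Create each key only if it is missing, so a re-run does not fail on an existing key.
    if (-not (Test-Path $path2)) { New-Item -Path $path1 -Name "Sslvpn" | Out-Null }
    if (-not (Test-Path $path3)) { New-Item -Path $path2 -Name "Tunnels" | Out-Null }
    if (-not (Test-Path $RegKeyExists)) { New-Item -Path $path3 -Name "$gateway" | Out-Null }

    # Tunnel settings that the client shows pre-populated to the end user.
    New-ItemProperty -Path $RegKeyExists -Name 'promptcertificate' -Value '0' -PropertyType DWORD -Force | Out-Null
    New-ItemProperty -Path $RegKeyExists -Name 'promptusername' -Value '1' -PropertyType DWORD -Force | Out-Null
    New-ItemProperty -Path $RegKeyExists -Name 'Description' -Value "$gateway" -Force | Out-Null
    New-ItemProperty -Path $RegKeyExists -Name 'Server' -Value "$pathtourl" -Force | Out-Null
    New-ItemProperty -Path $RegKeyExists -Name 'ServerCert' -Value '1' -Force | Out-Null
}
# sysnative resolves only from a 32-bit process on 64-bit Windows; it starts the 64-bit
# PowerShell so the keys land in the 64-bit registry view instead of WOW6432Node.
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock
# Pass the child PowerShell's exit code back to the caller (the script's output is not an exit code).
Exit $LASTEXITCODE
```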
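
A read-only check for the keys the script above writes, as an added example that is not part of the original post: it opens the 64-bit registry view directly and reports any value that is missing or differs, for instance a `Server` entry that no longer points at your gateway. The function name `Test-TunnelConfig` and the exit-code convention (0 = matches, 1 = drift) are assumptions of this example.

```powershell
# Added example (not from the original post): verify the provisioned tunnel values.
# $gateway and $pathtourl are the same placeholders used in the post's script.
$gateway   = "Your desired description name"
$pathtourl = "Your VPN PATH HERE"

# Expected values mirror what the post's script writes.
$expected = [ordered]@{
    promptcertificate = 0
    promptusername    = 1
    Description       = $gateway
    Server            = $pathtourl
    ServerCert        = '1'
}

function Test-TunnelConfig {   # hypothetical helper name
    param([string]$Gateway, [System.Collections.IDictionary]$Expected)

    # Open the 64-bit view explicitly so the result is the same from a
    # 32-bit or a 64-bit PowerShell host (no sysnative relaunch needed).
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        $key = $hklm.OpenSubKey("SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$Gateway")
        if ($null -eq $key) { "tunnel key for '$Gateway' is missing"; return }
        try {
            foreach ($name in $Expected.Keys) {
                $actual = $key.GetValue($name, $null)
                # Compare as strings so a DWORD 1 and a string '1' both match.
                if ($null -eq $actual) {
                    "$name is not set"
                } elseif ("$actual" -ne "$($Expected[$name])") {
                    "$name is '$actual', expected '$($Expected[$name])'"
                }
            }
        } finally { $key.Dispose() }
    } finally { $hklm.Dispose() }
}

# @() keeps the result an array even when zero or one problem is reported.
$drift = @(Test-TunnelConfig -Gateway $gateway -Expected $expected)
if ($drift.Count -gt 0) {
    $drift | ForEach-Object { Write-Output "DRIFT: $_" }
    exit 1
}
Write-Output "Tunnel '$gateway' matches the expected configuration."
exit 0
```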

3 replies

Hi There,


I am sorry, I am quite new to this forum as well as Automox. Should the above stated code be under Evaluation Code or Remediation Code? Because there are two boxes where we have to fill in the script. I appreciate the help.

Use required software instead of a worklet, then just copy/paste the code into that codebox 😃 Also welcome to the community and feel free to join our community slack channel if you’d like!


Thanks Mrichards, I am still confused with worklets and required software 🙂

Much appreciated. By the way, is there any code to install this Fortinet for macOS too?
