Solved: Remote VPN Forti client with AnyConnect Posture

amirminhat · ‎10-17-2021

Hi,

I do have a setup where the environment is using Forti Client VPN for their remote access VPN. In this scenario, I want to enforce a posturing and client provisioning with AnyConnect but using Forti Client as the remote VPN.

I tried to find any documentation of ISE posturing with the third party products but to no avail. Has anybody done this ? Appreciate if can help on how to deploy the posturing for this scenario.

Thanks

ahollifield · ‎10-06-2023

Yes but this doesn't work last time I tested. FortiGate didn't support CoA for VPN users, only those on managed switches or APs. FortiGate also doesn't support URL redirection for SSL VPN clients. Finally, the ISE DHCP/DNS server cannot be used here since FortiGate does not support DHCP relay for VPN clients.

View solution in original post

amirminhat · ‎10-21-2021

HI @Lauren957

I just want to understand this, do you mean we can run both VPN client Fortinet and Cisco Anyconnect at the same time ? How does anyconnect provide secure vpn access to the Forticlient VPN ? If so, how does ISE trigger to for client provisioning for posturing if we are using Forticlient ?

crediblebh · ‎10-05-2023

Just so I'm clear, you're saying that Fortinet and Cisco's AnyConnect VPN clients can coexist? When connecting to the Forticlient VPN, how does anyconnect ensure a secure connection? If that's the case, how does ISE communicate with Forticlient to initiate client provisioning for posturing? CredibleBH

ahollifield · ‎10-06-2023

Yes but this doesn't work last time I tested. FortiGate didn't support CoA for VPN users, only those on managed switches or APs. FortiGate also doesn't support URL redirection for SSL VPN clients. Finally, the ISE DHCP/DNS server cannot be used here since FortiGate does not support DHCP relay for VPN clients.