Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2463
Views
10
Helpful
3
Replies

Remote VPN Forti client with AnyConnect Posture

Go to solution
amirminhat
Level 1
Level 1

‎10-17-2021 08:25 PM

Hi,

 

I do have a setup where the environment is using Forti Client VPN for their remote access VPN. In this scenario, I want to enforce a posturing and client provisioning with AnyConnect but using Forti Client as the remote VPN.

 

I tried to find any documentation of ISE posturing with the third party products but to no avail. Has anybody done this ? Appreciate if can help on how to deploy the posturing for this scenario.

 

Thanks

1 Accepted Solution

Accepted Solutions

Go to solution
ahollifield
VIP
VIP
In response to crediblebh

‎10-06-2023 05:18 AM

Yes but this doesn't work last time I tested.  FortiGate didn't support CoA for VPN users, only those on managed switches or APs.  FortiGate also doesn't support URL redirection for SSL VPN clients.  Finally, the ISE DHCP/DNS server cannot be used here since FortiGate does not support DHCP relay for VPN clients.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
amirminhat
Level 1
Level 1
In response to Lauren957

‎10-21-2021 08:04 PM

HI @Lauren957 

 

I just want to understand this, do you mean we can run both VPN client Fortinet and Cisco Anyconnect at the same time ? How does anyconnect provide secure vpn access to the Forticlient VPN ? If so, how does ISE trigger to for client provisioning for posturing if we are using Forticlient ?

0 Helpful

Go to solution
crediblebh
Level 1
Level 1

‎10-05-2023 04:58 AM

Just so I'm clear, you're saying that Fortinet and Cisco's AnyConnect VPN clients can coexist? When connecting to the Forticlient VPN, how does anyconnect ensure a secure connection? If that's the case, how does ISE communicate with Forticlient to initiate client provisioning for posturing? CredibleBH

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to crediblebh

‎10-06-2023 05:18 AM

Yes but this doesn't work last time I tested.  FortiGate didn't support CoA for VPN users, only those on managed switches or APs.  FortiGate also doesn't support URL redirection for SSL VPN clients.  Finally, the ISE DHCP/DNS server cannot be used here since FortiGate does not support DHCP relay for VPN clients.

0 Helpful
Customers Also Viewed These Support Documents