It works really no issue if the sole purpose is to connect to the VPN….
I’m going to echo @Wregghh and say Cisco AnyConnect is the best, most reliable VPN client. It’s also the most difficult to configure and isn’t cheap. But it’s stability can not be beat. It just works - all the time. No fanfare. No headaches… and for the record… I am not a Cisco firewall fan - at all… But I give credit where it is due…
FortiClient is buggy and not nearly as reliable. Plus, it implies you’ll be using the SSL-VPMN function as it is more firewall friendly than IPSec. The SSL-VPN function on FortiGates has been a security nightmare. It’s like practically every other month there is a critical level vulnerability. It’s so bad that even Fortinet is deprecating it and phasing it out… That may be something to consider actually. Do you want to marry into a VPN that the manufacturer is phasing out?
Forticlient is more susceptible to users isp stability than global protect and pulse in my experience.
100% agree! EMS is great for deployment and management of Forticlient endpoints.
Did you get a course for it? My company makes me responsible for the EMS and VPN but refuses to pay a course or certificate for me. I’m kinda stuck now because I don’t really understand the group system.
It’s definitely evolved a ton in 17 years. From the vast majority of customers I support with it, they rarely run into issues of reliability, save for exceptions that occur on non standard end points and environments.
I would agree with this. If you really want wireguard look at defguard.
I have 24 endpoints and even then it’s a huge help. Worth the cost to me for all the management features I get.
Downvoting bc this guy has had some trouble is crazy
I’ve had issues with the v7.0 branch like you’ve described (even reinstalling didn’t fix the issue) but on upgrading to v7.2.5, this went back to working seamlessly.
From my perspective, It’s definitely worth testing new builds extensively due to the many options for implementation; as it could be an environment specific issue in some cases.
It’s a feature rich product and EMS makes this much easier to manage but like any software there are bugs.
Are you configuring DTLS with SSLVPN? Have you tried to use IPSEC? Maybe your configurations need to be tweaked for a similar experience.
There are quite good training materials on training.fortinet.com. When we bought a fortigate firewall I went through the security and infrastructure courses and it was enough to configure and deploy the firewall for the company. Then I got a proper paid course and I wasn’t that much better but it was before COVID with a trainer in person so I could learn some interesting things
I agree with you (Downvote if you’d like i’m not here for Karma.)
I want to enjoy using and deploying FortiProducts (specifically in my case Client , EMS, Manager but without the myriads of issues the issue (which have spent 10s of hours working on with tac) . I don’t enjoy posting negative things about FortiGate.
Too many bugs, annoying to upgrade, CVEs every quarter.
Long standing issue over multiple versions and bugs including bugs/lack of client/version support with dtls and macOS. Multiple year experience and comparison with very large user base.
Are you primary windows or Mac?
Are you referring to upgrading EMS or the individual FortiClient?
Have you checked Palo Alto Networks Security Advisories and searched for global protect?
There’s psirts every quarter for that product.