Deploy FortiClient VPN with Addigy

Had more trouble than expected finding the requirements to deploy FortiClient for VPN silently to Macs, so thought I’d share here what I’ve got so far. This is working for me to (almost) silently install it; there is still a pop-up requesting permission for FortiTray to add a VPN Configuration that I can’t figure out. There are some JAMF discussions about creating a dummy VPN configuration and pushing that first, but it didn’t get around the prompt for me using Addigy.

The publicly available FortiClient VPN doesn’t include the .mpkg. If you have a Fortinet login, download the FortiClientMac software for the version you need from https://support.fortinet.com/Download/FirmwareImages.aspx. Extract the .mpkg and create a simple Addigy custom software script for it.

sudo /usr/sbin/installer -pkg FortiClientVPNInstall.mpkg -target /

Team Identifier for profiles: AH4XFXJ7DK

System Extension Bundle Identifiers:

  • com.fortinet.FortiClient
  • com.fortinet.forticlient.macos.webfilter
  • com.fortinet.forticlient.macos.vpn.nwextension
  • com.fortinet.forticlient.macos.proxy

PPPC Identifier: com.fortinet.FortiClient

PPPC Signature: identifier "com.fortinet.FortiClient" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AH4XFXJ7DK

Service Management

  • Team identifier: AH4XFXJ7DK
  • com.fortinet.credential_store
  • com.fortinet.fct_launcher
  • com.fortinet.forticlient.macos.PrivilegedHelper
  • com.fortinet.fctctl
  • com.fortinet.config
  • com.fortinet.fctservctl2
  • com.fortinet.fssoagent_launchagent
  • com.fortinet.fssoagent_launchdaemon
  • com.fortinet.ztnafw
  • com.fortinet.credential_store
  • com.fortinet.forticlient.ztagent

Hope this saves someone some time!
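The identifiers listed in the post above, assembled into a configuration profile, as an added example that is not part of the original post or Addigy's or Fortinet's own tooling. It builds the system extension and service management payloads only; the `com.example.mdm.forticlient` payload namespace and the output filename are placeholders, and the `BundleIdentifier` rule type follows the later reply in this thread that treats each service management item as a bundle identifier.

```python
import plistlib
import uuid

TEAM_ID = "AH4XFXJ7DK"  # team identifier from the post
SYSTEM_EXTENSIONS = [
    "com.fortinet.FortiClient",
    "com.fortinet.forticlient.macos.webfilter",
    "com.fortinet.forticlient.macos.vpn.nwextension",
    "com.fortinet.forticlient.macos.proxy",
]
SERVICE_ITEMS = [  # as listed in the post, including its repeated entry
    "com.fortinet.credential_store", "com.fortinet.fct_launcher",
    "com.fortinet.forticlient.macos.PrivilegedHelper", "com.fortinet.fctctl",
    "com.fortinet.config", "com.fortinet.fctservctl2",
    "com.fortinet.fssoagent_launchagent", "com.fortinet.fssoagent_launchdaemon",
    "com.fortinet.ztnafw", "com.fortinet.credential_store",
    "com.fortinet.forticlient.ztagent",
]
ORG_PREFIX = "com.example.mdm.forticlient"  # assumption: placeholder namespace


def _payload(ptype, suffix, **keys):
    """Common payload keys; the UUID is derived from the identifier so rebuilds are stable."""
    ident = f"{ORG_PREFIX}.{suffix}"
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid5(uuid.NAMESPACE_DNS, ident)).upper(),
            "PayloadDisplayName": f"FortiClient {suffix}", **keys}


def build_profile():
    """Return .mobileconfig bytes that pre-approve the extensions and background items."""
    items = list(dict.fromkeys(SERVICE_ITEMS))  # drop the duplicate, keep order
    rules = [{"RuleType": "TeamIdentifier", "RuleValue": TEAM_ID}]
    rules += [{"RuleType": "BundleIdentifier", "RuleValue": b} for b in items]
    sysext = _payload("com.apple.system-extension-policy", "sysext",
                      AllowedSystemExtensions={TEAM_ID: SYSTEM_EXTENSIONS})
    svc = _payload("com.apple.servicemanagement", "servicemanagement", Rules=rules)
    top = _payload("Configuration", "profile", PayloadScope="System",
                   PayloadContent=[sysext, svc])
    return plistlib.dumps(top)


if __name__ == "__main__":
    with open("forticlient-approvals.mobileconfig", "wb") as fh:
        fh.write(build_profile())
```

The system extension policy is only honoured when the profile is delivered through MDM, so upload the generated file to the MDM rather than installing it by hand.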

Thanks for sharing this. I am hung up on this part:

Extract the .mpkg and create a simple Addigy custom software script for it.

I have access to the support portal and I see there are two versions for Mac

  • FortiClient_7.2.2.0776_macosx.dmg
  • FortiClientVPNSetup_7.2.2.0776_macosx.dmg

I am not sure how to create the .mpkg. Can you help?

Thanks for this, it is helping. I am new to Addigy and Mac, so really, thanks. Some questions:

In the PPPC identifier, is everything in the PPPC Signature filled in? From the identifier, or do I start from the "com.fortinet.

In the service management, is everything else after the team identifier a bundle identifier?

For EMS you would normally set the EMS service managed path in the field. Can that be set somewhere automatically? So the user doesn’t have to?

Again thanks for this

Awesome, u/awesomewhiskey — thank you for sharing!

Thanks for posting this! I registered on the site; however, I do not seem to be able to download the client since we don’t have products registered yet (waiting to get info from client). Would it be possible for you to DM me the client? (assuming this does not break any rules on this board)

I got it installed! Some people can connect just fine. However, I am finding that some people don’t have FortiTray running on their computer so it won’t prompt for SSO.

A manual uninstall and then re-install from the Fortinet package seems to fix it, but I can’t figure out why some work and some don’t.

Click into the DMG, run the .app but do not click install. Navigate to the following path: /private/var/folders/0f/*somerandomstring*/T/fctupdate/FortiClient.dmg

There you will find the .mpkg; mine was just titled install.mpkg.
This will also update over the top of previous versions.

The .mpkg is just the file inside the .dmg image; drag and drop it anywhere else and you can manipulate it from there.

identifier "com.fortinet.FortiClient" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AH4XFXJ7DK

This is the entire PPPC Identifier so copy the entire thing.

In the service management, is everything else after the team identifier a bundle identifier?

Correct; each of those items is an individual bundle identifier.

For EMS you would normally set the EMS service managed path in the field. Can that be set somewhere automatically? So the user doesn’t have to?

It will depend on whether the package allows you to set that as part of an installation script; you’d have to check FortiClient to see if that’s documented anywhere, but if it’s possible you could set that in the installation script field in Addigy.

Alternatively, I’m not sure if FortiClient does it this way, but some vendors have you download specific installers per site/organization, so if they do you’d just make sure you were naming your custom package in Addigy for each client.

Here is a guide with a better way to do it. https://github.com/pro4tlzz/ITSupportTools/blob/main/jamf/forticlient/install-configure/installing-forticlient-vpn-with-configuration-settings.md

Thanks - I figured out that if you use the mpkg file from the EMS server you get the full FortiClient. You just need to then enter the EMS connection, and an admin has to provide credentials for the SSL certificate to be installed. A niggle, but it can be worked around.