Etnetera IT Knihovna

English

Čeština

English

Čeština

Appearance

FortiClient EMS + VPN / ZTNA

Basic Information

FieldValue
CategoryInfrastructure
OwnerFilip Kohák
DeputyArtem Ryzhkov
SLA8x5
DeploymentHybrid (FortiEMS VM on Proxmox + FortiGate gateway)

Description

FortiClient EMS (Endpoint Management Server) manages FortiClient agents installed on corporate devices. It provides remote access (VPN) and is the foundation for ZTNA (Zero Trust Network Access).

Current status:

  • Remote access runs in parallel on OpenVPN (Viscosity) and FortiClient SSL-VPN
  • ZTNA is in pilot phase — planned migration from OpenVPN
  • FortiClient agents are distributed via Hexnode MDM on Mac devices

Procedure — Connect to VPN (for users)

SSL-VPN via FortiClient

  1. Open FortiClient app on your device
  2. Remote Access → VPN tab
  3. Select Etnetera SSL-VPN profile
  4. Log in with corporate credentials (AD or Entra ID)
  5. Complete MFA prompt (Microsoft Authenticator or FortiToken)

Fallback via OpenVPN (Viscosity)

  1. Open Viscosity from the menu bar
  2. Click Etnetera-VPN profile
  3. Enter AD credentials
  4. Connection establishes automatically

Tip

FortiClient VPN is preferred for new devices. OpenVPN (Viscosity) is the fallback and will be phased out.

Troubleshooting

ProblemSolution
VPN won't connectCheck credentials; verify MFA; check FortiGate VPN port availability
FortiClient offline in EMSCheck device network connectivity to FortiEMS; restart FortiClient agent
Compliance check failingCheck AV (ESET) and disk encryption (FileVault/BitLocker) status on device
Slow VPN connectionCheck split tunneling settings; verify ISP link status on FortiGate

Planned Migration

  • Goal: full migration from OpenVPN to FortiClient SSL-VPN / ZTNA
  • Track progress in Jira project IT-INFRA

Contact

  • Owner: Filip Kohák — Slack @filip
  • Deputy: Artem Ryzhkov — Slack @artem
  • VPN issues: Slack #it-help

Etnetera a.s. — IT Team