Fortigate SSLVPN





Submitted To:

Network Security Operations




Alberta Health Services






Created by:

Carl M. Ocol

May 2011







 Document Control


For additional information and clarifications pertaining to the contents of this document please contact Provincial Network Security Operations as follows:



E-Mail Address

Office Phone Number

Cameron Bain


Giovanni Pagliuso


Glenn Matias


Eric Millice


Solomon Adelakun




Change Record




Change Reference

May 20, 2011

Carl Ocol



May 27, 2011

Cameron Bain



Sep 3, 2011

Cameron Bain



Aug 8, 2013

Carl Ocol



Sept 15, 2014 

Carl Ocol



 August 7, 2015

Dale Runge 



 July 13, 2018

Solomon Adelakun







1.           Requirements/Goals

2.           Background Information

3.           Windows Installation Instructions

4.           Macintosh Installation Instructions

5.           Troubleshooting



1.   Click here for instructions on how to set up Remote Desktop Connection.

2.   Click here for contact information of AHS Help Desk.



1.   Requirements/Goals


The primary goal of the Fortinet SSLVPN solution is to provide a remote access infrastructure to match and exceed the needs of Alberta Health Services staff and partners.


The solution must provide for easy installation, easy client configuration, reliable operation and security for the client.


The solution must provide a highly available and resilient VPN service that will be available at all times to the client.


Operating Systems supported by the Fortinet SSLVPN solution include:

·         Windows OS

·         MAC OS

·         Linux OS


Requirements for the SSLVPN client include:

·         Valid RSA FOB issued by Access Admin with the appropriate access to AHS resources

·         Any latest version of a web browser to download the Fortinet SSL VPN client



<back to main menu>



2.   Background Information


Over the past several years, as organizations have grown and become more complex, secure remote access to network resources has become critical for day-to-day operations. As a result of the growing need for providing remote/mobile clients with easy, cost-effective and secure access to a multitude of resources, the concept of a Virtual Private Network was developed.



What is SSL?


SSL (Secure Sockets Layer) over HTTPS is supported by most web browsers for exchanging sensitive information securely between a web server and a client. SSL establishes an encrypted link, ensuring that all data passed between the web server and the browser remains private and secure. SSL protection is initiated automatically when a user (client) connects to a web server that is SSL-enabled. Once the successful connection is established, the browser encrypts all the information before it leaves the computer. When the information reaches its destination, it is decrypted using a secret (private) key. Any data sent back is first encrypted, and is decrypted when it reaches the client.



Goals of SSL


SSL has four main goals:

·         Confidentiality of communications

·         Integrity of data

·         Authentication of server

·         Authentication of client (non-repudiation) to correct for dropped packets in multimedia streams


<back to main menu>



3.   Windows Installation Instructions


Download one of the flowing SSL VPN Client installer packages:

32 Bit SSLVPN Client (Suitable for Windows XP)

64 Bit SSLVPN Client (Suitable for Windows 7, Windows 8 and Windows 10)


B.1 Using Internet Explorer web browser under Windows XP you should see something similar to the following:

Click the ‘Run’ button to start installing the SSL VPN client.


When asked if you want to run the installer, select ‘Run’



Windows account control may ask you to run the installer with admin privileges. Select ‘Run as administrator’.


<proceed to section C>



B.2 Using Firefox or other web browsers you will see something similar to the following:

Save the file


Then open the download tab on the browser and ‘run’ the SslvpnClient by clicking on <.exe> file.


B.3 Using Microsoft Edge in windows 10 you will see the following:





Select ‘Save’ then ‘Run’ after the download is complete.


C On the screen that appears, select to install the client.


The following images are the screens you will see during installation:


Select ‘Yes’ on the User Account Control Screen



The installation process will start as below:


On the ‘Welcome to the FortiClient Setup Wizard’ screen enable the checkbox and select ‘Next’ as shown next:



Select the “Secure Remote Access” Option to install only the VPN components, then click “Next”.







Accept the defaults as shown below and click on ‘Next’:



Select ‘Install’ on the subsequent screen as shown:




Wait until the installation is completed. Select ‘Finish’ at the bottom of the installation screen.




There will be a new Icon placed on the desktop as shown:



Double clicking this Icon to open the FortiClient SSL VPN connection will result in the following:


Click on “Remote Access” and then “Configure VPN”



Configure the next screen as above, and enter your username in the username field. Click “Apply” then “Close” to apply the settings. You are presented with the next screen.




User Name: (enter the provided username here). If you selected “save login” and entered your username in the previous screen above, the username is automatically populated.


Password: (enter your Pin and FOB access code into this box)


Type your PIN and 6 digits displaying on your token with no spaces in the password field.










Once completed, click ‘Connect’ and a connection to the AHS SSL VPN portal should be successful. The window will minimize to the task bar as shown:



Clicking on the Task Bar Icon will result in the following window being displayed:



Please note that this screen is where the assigned IP address from the SSL VPN head end located inside AHS is seen. It should be an address similar to what is shown (10.48.x.x).


When your work is done, click Disconnect. After disconnecting, you may log back in by entering a new Password (PIN + token code) and clicking ‘Connect’. Otherwise, click the ‘X’ in the upper right hand corner of the connection window to close the client.


<back to main menu>



4.   MAC OS X Installation Instructions


Note:  for Macintosh operating system the standalone SSLVPN client should be configured and used for connectivity.  To use the SSL VPN standalone tunnel client (Mac OS X) please follow these instructions.


a.       Download the SSL VPN Client by clicking the link to the SSLVPN client for MacOS. (if webpage is not found, right-click on the link then select ‘Save link as’ or ‘Save target as’. Run the installer <·dmg> file from where you have saved it).


b.  Go to the Applications folder and double-click on The FortiClient SSL VPN tunnel client (Mac OS X) opens.


c.  Select Settings....


d.  Optionally, select Keep connection alive until manually stopped to prevent tunnel connections from closing due to inactivity.


e.  Optionally, select Start connection automatically. The next time the tunnel mode application starts, it will start the last selected connection.


f.   If you use a proxy in your network, enter in Proxy the proxy server IP address and port. Enter proxy authentication credentials immediately below in User and Password.


g.  Select the + button to define a new connection, or select from the list an existing connection to modify.


h.  To create a new connection, select Create


i.   Enter the following information.

Server: In the smaller field, enter the SSL VPN port number (443)

User: Enter your user name; example: johndoe

Password: Enter the PIN + token code associated with your FOB key; example: 1234xxxxxx

Certificate: Leave blank.

Password: Leave blank.


j. Select Done.


<back to main menu>



5.   Troubleshooting

Fortigate SSLVPN Client troubleshooting:


·         When wrong credentials are entered OR you are trying to connect to the SSL VPN from inside the AHS network, a Warning message comes up regarding invalid login credentials. The correct format for Name is <username> and Password is <pin><token code from FOB key>.  Your PIN (Personal Identification Number) is numeric and between 4 and 8 digits in length.  Also please note that connecting to the SSL VPN is not possible when the laptop or mobile device is already connected to the AHS network.



·         To ensure that you are connected in an SSLVPN tunnel mode, check that an IP address has been provided by the SSLVPN server to the PPP adapter fortissl. Go to <Start then Run>. On the Run field, type ‘cmd’ then hit enter. When the cmd window (black window) opens up, enter the command “ipconfig” besides the prompt.



NOTE: If authentication issues persist, you can test that your FOB is operational by logging into web page: ... upon successfull logon you will see a message about successfully completing the authentication (and setting your pin if that was required). This is the only function of the page. Once you have tested the FOB, please close the page.


<back to main menu>