Fortigate SSLVPN

 

 

Uses: Remote Controlling an AHS PC using Home PC, FortiClient (VPN) and RDP (Remote Desktop Protocol)

 

 

 

For:

Alberta Health Services

 

  

 

 

 Contents

1.           Prerequisites

2.           Windows Installation Instructions

3.           Macintosh Installation Instructions

4.           Troubleshooting

5.           PIN Setup

6.           Remote Desktop Connection (RDP)

 

Notes:

     If you require further assistance please call the Service Desk at 1-877-311-4300

 

 

 

 

 

1.   Prerequisites

AHS Computer to Remote into. You will need:

 

·         PC Name. (Ex) M555555

·         PC will need to be turned on and connected to the AHS network

·          You will need a valid RSA FOB issued by AHS with access to the appropriate      resources ( Physical fob or smart phone application)

 

Personal Computer, that includes the following:

·         Up to date Windows or MAC Operating System

·         Up-to-date anti-virus software

·          Web Browser such as Microsoft Edge, Internet Explorer, Firefox or Chrome.

 

 

<back to main menu>

 

 

2.   Windows Installation Instructions

 Download the flowing SSL VPN Client installer package:

64 Bit SSLVPN Client (Suitable for Windows 7, Windows 8 and Windows 10 64 bit editions)

32 Bit SSLVPN Client (Suitable for Windows 7, Windows 8 and Windows 10 32 bit editions)

 

 

Using Microsoft Edge

1. Click “Save” on the pop up 

2. Select ‘Save’ then ‘Run’ after the download is complete.

3. If a Password Prompt pops up please input your username and password with privileges to install software.

 

Using Firefox or Chrome browsers

1. The following link will show up on the bottom of your browser window.

2. Open the downloaded file by clicking on the chevron and open the FortiClientVPNSetup file.

 

 

2.1 To install FortiClient - On the screen that appears, Select ‘Yes’ on the User Account Control Screen or input a user account with credentials to install software.

 

 

2.2 On the ‘Welcome to the FortiClient Setup Wizard’ screen enable the checkbox and select ‘Next’:

 

 

 

 

 

2.3 Accept the defaults as shown below and click on ‘Next’:

 

 

 

2.4 Select ‘Install’ on the subsequent screen as shown:

 

 

 

2.5 Wait until the installation is completed. Select ‘Finish’ at the bottom of the installation screen.

 

 

 

2.6 There will be a new Icon placed on the desktop as shown:

 

Double clicking this Icon to open the FortiClient SSL VPN connection will open the FortiClient program:

 

 

 

 

 

 

 

2.7 Click on the checkbox and then I accept.

 

 

2.8 Click on Configure VPN

 

 

 

 

 

 

2.9 Configure the next screen as shown below, and enter your username in the username field. Click “Apply” then “Close” to apply the settings.

 

Connection Name: AHS VPN

Description: It can be left blank

Remote Gateway: vpn.albertahealthservices.ca

Authentication: Save login (optional)

Username: enter AHS account username (optional)

 

 

 

 

 

 

 

2.10 User Name: (enter AHS account username).

If you selected “save login” and entered your username in the previous screen above, the username is automatically populated.

 

Password: (RSA FOB passcode, NOT the AHS Windows password)

·         If you have a Soft Token: Enter the 8-digit token that displays on your Cellphone. The PIN is only to be used in the Cellphone.

 

·         If you have a Hard token (FOB): Enter the PIN+Token (without spaces) that displays in your Token. 

 

 

 

 

 

Note : A new PIN can be set at https://token.ahs.ca . See the section 5 for PIN Setup.

 

2.11 Once completed, click ‘Connect’ and a connection to the AHS SSL VPN portal should be successful. The window will minimize to the task bar as shown: 

 

 

 

 

2.12 Click on the chevron on the Task Bar Icon will result in the following window being displayed, once you locate it right click and you will be given the options shown below:

 

 

 

 

 

Please note that this screen is where the assigned IP address from the SSL VPN head end located inside AHS is seen. It should be an address similar to what is shown (10.48.x.x).

 

When your work is done, click Disconnect. After disconnecting, you may log back in by entering a new passcode (8-digit token) or (PIN + token code if you use a FOB. Click ‘Connect’ to establish your connection back to AHS otherwise, click the ‘X’ in the upper right hand corner of the connection window to close the client. Once you are connected, please proceed to the Remote Desktop Connection section of this document.

 

 

 

 

3. MAC OS X Installation Instructions

3.1 Download FortiClient VPN for MAC directly from the software vendor:

 

                   MacOS SSLVPN Client (Suitable MacOS X installations)

 

 

 

 

3.2 Once downloaded, click on the chevron then open the installer

 

 

 

3.3 Click on Install

 

 

3.4 Click on Continue

 

 

 

3.5 Click on Continue

 

 

3.6 Click on Agree

 

3.7 Click on Install

3.8 Input your Mac credentials with permissions to install software as well as password then click Install Software.

3.9 Click on Close

 

 

3.10 Once installed go to your Applications folder and open FortiClient:

 

3.11 Click on the checkbox and then I accept.

 

3.12 Click on Configure VPN

 

 

 

 

3.13 Configure the next screen as shown below, and enter your username in the username field. Click “Apply” then “Close” to apply the settings.

 

Connection Name: AHS VPN

Description: It can be left blank

Remote Gateway: vpn.albertahealthservices.ca

Authentication: Save login (optional)

Username: enter AHS account username (optional)

 

 

 

 

 

 

 

3.14 User Name: (enter AHS account username).

If you selected “save login” and entered your username in the previous screen above, the username is automatically populated.

 

Password: (RSA FOB passcode, NOT the AHS Windows password)

·         If you have a Soft Token: Enter the 8-digit token that displays on your Cellphone. The PIN is only to be used in the Cellphone.

 

·         If you have a Hard token (FOB): Enter the PIN+Token (without spaces) that displays in your Token. 

 

 

 

 

 

Note: A new PIN can be set at https://token.ahs.ca . See the section 5 for PIN Setup.

 

3.15 Once completed, click ‘Connect’ and a connection to the AHS SSL VPN portal should be successful. The window will minimize to the task bar as shown: 

 

 

 

 

<back to main menu>

 

 

4. Troubleshooting

Fortigate SSLVPN Client troubleshooting:

 

·         When the wrong credentials are entered OR you are trying to connect to the SSL VPN from inside the AHS network, a Warning message comes up Saying “Unable to establish the VPN Connection. The VPN server may be unreachable. (-14)” The correct format for Name is <username> and Password is <pin><token code from FOB key> -- or <8-digit Token from Soft Token>.  Your PIN (Personal Identification Number) is numeric and between 4 and 8 digits in length.  Also please note that connecting to the SSL VPN is not possible when the laptop or mobile device is already connected to the AHS network.

 

 

·        

 

NOTE: If authentication issues persist, you can test that your Token is operational by logging into web page: https://token.albertahealthservices.ca ... upon successful logon you will see a message about successfully completing the authentication (and setting your pin if that was required). This is the only function of the page. Once you have tested the Token, please close the page.

 

Important: If you have tested your Token and it is functional, but FortiClient is still not connecting. Make sure your local Internet is connected then completely remove FortiClient from your computer, restart your computer, reinstall it and try to connect with FortiClient once again.

 

<back to main menu>

 

 

 

5. PIN SETUP

 

 

5.1 If you have a Soft Token :

 

a) On your Cellphone RSA App enter 0000 then click on the arrow à

 

b) Browse to https://token.ahs.ca and enter your Username and Passcode (the latest 8-digit Token displaying on your Cellphone) then click on “Logon”:

 

 

 

 

 

 

c) Enter a new PIN as prompted, submit, re-enter and submit :

         

 +

 

 

 

d) Go back to the RSA App on your Cellphone and click on PIN (top left) to go back and enter the new PIN you have just set.

 

e) Enter the new 8-digit Token displaying on your RSA App of your Cellphone on the Token Website:

 

               

         

f) Success

         

 

5.2 If you have a Hard Token (FOB) :

 

a) Browse to https://token.ahs.ca and enter your Username and Passcode (the Token displaying on your FOB) then click on “Logon”:

 

 

 

 

 

 

c) Enter a new PIN as prompted, submit, re-enter and submit :

         

 +

 

 

 

d) Wait the Token to change on your FOB then enter the New PIN + Token on the Token Website:

 

 

               

         

f) Success

         

6. REMOTE DESKOP CONNECTION

Once you have connected FortiClient successfully, use this tool in combination with FortiClient in order to remotely access an AHS computer from your personal computer. For that you will need the target AHS Computer to be online and no user using it.

 

For Windows OS: Remote Desktop Connection (aka RDP) is a tool that is already part of Windows Operational System.

 

6.1 Search for “Remote” and click on the icon for it.

 

 

 

 

6.2 Type in the barcode (machine name) of your computer followed by healthy.bewell.ca or you can type in the IP address (ie. 10.117.6.xx) of the target machine.

 

6.3 Enter your AHS AD credentials in the format healthy\username and your password

 

 

6.4 If you get to this screen, you are already at the AHS computer sign-on prompt. This one you can enter again your username + password (AD password).

 

 

For MAC Computers: Remote Desktop Connection is not a tool that comes already in MAC computers. You will need to install it.

 

 1: Go to App Store

 

2. Search: Microsoft Remote Desktop

 

 

3: Install Microsoft Remote Desktop App

 

4: Open Microsoft Remote Desktop from Launchpad