Fortigate SSLVPN
Uses: Remote Controlling an AHS PC using Home PC, FortiClient (VPN) and
RDP (Remote Desktop Protocol)
For:
Alberta Health Services
Contents
2.
Windows
Installation Instructions
3.
Macintosh
Installation Instructions
5.
PIN
Setup
6.
Remote
Desktop Connection (RDP)
Notes:
If you require further assistance
please call the Service Desk at 1-877-311-4300
1.
Prerequisites
AHS Computer to Remote into. You will need:
· PC Name. (Ex) M555555
· PC will need to be turned on and connected to the AHS network
·
You will need a valid RSA FOB issued by AHS
with access to the appropriate resources ( Physical fob or smart phone
application)
Personal Computer, that includes the following:
· Up to date Windows or MAC Operating System
· Up-to-date anti-virus software
·
Web Browser such as Microsoft Edge, Internet Explorer, Firefox or
Chrome.
2. Windows
Installation Instructions
Download
the flowing SSL VPN Client installer package:
64
Bit SSLVPN Client
(Suitable for Windows 7, Windows 8 and Windows 10 64 bit editions)
32
Bit SSLVPN Client
(Suitable for Windows 7, Windows 8 and Windows 10 32 bit editions)
Using Microsoft Edge
1. Click “Save” on the pop up
2. Select ‘Save’ then ‘Run’ after
the download is complete.
3. If a
Password Prompt pops up please input your username and password with privileges
to install software.
Using Firefox or Chrome browsers
1. The following link will show up on the bottom of
your browser window.
2. Open the downloaded file by clicking on the chevron
and open the FortiClientVPNSetup file.
2.1 To install FortiClient - On the screen that appears, Select ‘Yes’ on the User
Account Control Screen or input a user account with credentials to install
software.
2.2 On the
‘Welcome to the FortiClient Setup Wizard’ screen enable the checkbox and select
‘Next’:
2.3 Accept the defaults as shown below and click on
‘Next’:
2.4 Select
‘Install’ on the subsequent screen as shown:
2.5 Wait until the
installation is completed. Select ‘Finish’ at the bottom of the installation
screen.
2.6 There will
be a new Icon placed on the desktop as shown:
Double clicking
this Icon to open the FortiClient SSL VPN connection will open the FortiClient
program:
2.7 Click on
the checkbox and then I accept.
2.8 Click on
Configure VPN
2.9 Configure
the next screen as shown below, and enter your username in the username field.
Click “Apply” then “Close” to apply the settings.
Connection Name: AHS VPN
Description: It can be left blank
Remote Gateway: vpn.albertahealthservices.ca
Authentication: Save login
(optional)
Username: enter AHS account username
(optional)
2.10 User Name: (enter AHS
account username).
If you selected “save
login” and entered your username in the previous screen above, the username is automatically
populated.
Password:
(RSA
FOB passcode, NOT the AHS Windows password)
·
If
you have a Soft Token: Enter the 8-digit token that displays on your Cellphone. The
PIN is only to be used in the Cellphone.
·
If
you have a Hard token (FOB): Enter
the PIN+Token (without spaces) that displays in your Token.
Note
: A new PIN can be set at https://token.ahs.ca . See the section 5
for PIN Setup.
2.11 Once completed,
click ‘Connect’ and a connection to the AHS SSL VPN portal should be
successful. The window will minimize to the task bar as shown:
2.12 Click on the chevron on the Task
Bar Icon will result in the following window being displayed, once you locate
it right click and you will be given
the options shown below:
Please note that this screen is where
the assigned IP address from the SSL VPN head end located inside AHS is seen.
It should be an address similar to what is shown (10.48.x.x).
When your work is
done, click Disconnect. After disconnecting, you may log back in by entering a
new passcode (8-digit
token) or (PIN
+ token code if you use a FOB.
Click ‘Connect’ to
establish your connection back to AHS otherwise, click the ‘X’ in the upper
right hand corner of the connection window to close the client. Once you are
connected, please proceed to the Remote
Desktop Connection section of this document.
3. MAC
OS X Installation Instructions
3.1
Download FortiClient
VPN for MAC directly from the software vendor:
MacOS
SSLVPN Client
(Suitable MacOS X installations)
3.2 Once downloaded, click on the chevron then open the
installer
3.3 Click on Install
3.4 Click on Continue
3.5 Click on Continue
3.6 Click on Agree
3.7 Click on Install
3.8 Input your Mac
credentials with permissions to install software as well as password then click
Install Software.
3.9 Click on Close
3.10 Once installed go to your Applications folder and open FortiClient:
3.11 Click on the checkbox and then I accept.
3.12 Click on
Configure VPN
3.13 Configure the next screen as shown
below, and enter your username in the username field. Click “Apply” then “Close”
to apply the settings.
Connection Name: AHS VPN
Description: It can be left blank
Remote Gateway: vpn.albertahealthservices.ca
Authentication: Save login
(optional)
Username: enter AHS account username
(optional)
3.14 User Name: (enter AHS
account username).
If you selected “save
login” and entered your username in the previous screen above, the username is
automatically populated.
Password:
(RSA
FOB passcode, NOT the AHS Windows password)
·
If
you have a Soft Token: Enter the 8-digit token that displays on your Cellphone. The
PIN is only to be used in the Cellphone.
·
If
you have a Hard token (FOB): Enter
the PIN+Token (without spaces) that displays in your Token.
Note:
A new PIN can be set at https://token.ahs.ca
. See the section 5 for PIN Setup.
3.15 Once completed,
click ‘Connect’ and a connection to the AHS SSL VPN portal should be
successful. The window will minimize to the task bar as shown:
Fortigate SSLVPN Client troubleshooting:
· When the wrong credentials are entered OR you are trying to connect to the SSL VPN from inside the AHS network, a Warning message comes up Saying “Unable to establish the VPN Connection. The VPN server may be unreachable. (-14)” The correct format for Name is <username> and Password is <pin><token code from FOB key> -- or <8-digit Token from Soft Token>. Your PIN (Personal Identification Number) is numeric and between 4 and 8 digits in length. Also please note that connecting to the SSL VPN is not possible when the laptop or mobile device is already connected to the AHS network.
·
NOTE: If authentication issues
persist, you can test that your Token is operational by logging into web page: https://token.albertahealthservices.ca
... upon successful logon you will see a message about successfully completing
the authentication (and setting your pin if that was required). This is the
only function of the page. Once you have tested the Token, please close the
page.
Important: If you have tested your Token
and it is functional, but FortiClient is still not connecting. Make sure your local
Internet is connected then completely remove FortiClient from your computer,
restart your computer, reinstall it and try to connect with FortiClient once
again.
5. PIN SETUP
5.1 If you have a Soft
Token :
a) On your Cellphone RSA App enter
0000 then click on the arrow ŕ
b) Browse to https://token.ahs.ca
and enter your Username and Passcode (the latest 8-digit Token displaying on your Cellphone)
then click on “Logon”:
c) Enter a new PIN as prompted,
submit, re-enter and submit :
+
d) Go back to the RSA App
on your Cellphone and click on PIN (top left) to go back and enter the new PIN
you have just set.
e) Enter the new 8-digit
Token displaying on your RSA App of your Cellphone on the Token Website:
f) Success
5.2 If you have a Hard
Token (FOB) :
a) Browse to https://token.ahs.ca
and enter your Username and Passcode (the Token displaying on your FOB) then click
on “Logon”:
c) Enter a new PIN as prompted,
submit, re-enter and submit :
+
d) Wait the Token to change
on your FOB then enter the New PIN + Token on the Token Website:
f) Success
6.
REMOTE DESKOP CONNECTION
Once
you have connected FortiClient successfully, use this tool in combination with FortiClient
in order to remotely access an AHS computer from your personal computer. For
that you will need the target AHS Computer to be online and no user using it.
For Windows OS: Remote Desktop Connection
(aka RDP) is a tool that is already part of Windows Operational System.
6.1 Search for “Remote” and click on the icon for it.
6.2 Type in the barcode (machine
name) of your computer followed by healthy.bewell.ca
or you can type in the IP address (ie.
10.117.6.xx) of the target machine.
6.3
Enter your AHS AD credentials in the format healthy\username
and your password
6.4
If you get to this screen, you are already at the AHS computer sign-on prompt.
This one you can enter again your username + password (AD password).
For MAC Computers: Remote Desktop Connection
is not a tool that comes already in MAC computers. You will need to install it.
1: Go
to App Store
2.
Search: Microsoft Remote Desktop
3: Install Microsoft Remote Desktop App
4: Open Microsoft Remote Desktop from Launchpad