Fortigate SSLVPN ...
Uses: Remote
Controlling an AHS PC using Home PC, FortiClient (VPN) and RDP (Remote Desktop
Protocol)
For:
Alberta Health
Services
Contents
2.
Windows
Installation Instructions
3.
Macintosh
Installation Instructions
5.
PIN
Setup
6.
Remote
Desktop Connection (RDP)
Notes:
If you require further assistance please call the Service Desk at 1-877-311-4300
1. Prerequisites
AHS Computer to Remote into. You will need:
·
PC Name. (Ex) M555555
·
PC will need to be turned on and connected to the AHS network
·
You will need a valid RSA FOB issued by AHS
with access to the appropriate
resources ( Physical fob or smart phone
application)
Personal Computer, that includes the following:
·
Up to date Windows or MAC Operating System
·
Up-to-date anti-virus software
·
Web Browser such as Microsoft Edge, Internet Explorer, Firefox or Chrome.
2.
Windows Installation Instructions
Download the flowing SSL VPN Client installer
package:
64
Bit SSLVPN Client
(Suitable for Windows 7 and Windows 10 64 bit
editions) *preferred*
32
Bit SSLVPN Client (Suitable
for Windows 7 and Windows 10 32 bit editions)
Using Microsoft Edge
1. Click on the appropriate link above
2. Select open file after the download is complete.
3. If a Password Prompt pops up
please input your username and password with privileges to install software.
Using Firefox or Chrome browsers
1. The following link will show up on the bottom of your browser window.
2. Open the downloaded file by clicking on the chevron and open the FortiClientVPNSetup file.
2.1 To install
FortiClient - On the screen that appears, Select ‘Yes’
on the User Account Control Screen or input a user account with credentials to
install software.
2.2 On the
‘Welcome to the FortiClient Setup Wizard’ screen enable the checkbox and select
‘Next’:
2.3 Accept the defaults as shown below and click on
‘Next’:
2.4 Select
‘Install’ on the subsequent screen as shown:
2.5 Wait until the installation is completed. Select
‘Finish’ at the bottom of the installation screen.
2.6 There will
be a new Icon placed on the desktop as shown:
Double clicking
this Icon to open the FortiClient SSL VPN connection will open the FortiClient
program:
2.7 Click on the checkbox and then I accept.
2.8 Click on Configure VPN
2.9 Configure the next screen as shown below, and enter your username in the username field. Click
“Apply” then “Close” to apply the settings.
Connection
Name: AHS VPN
Description: It can be left blank
Remote
Gateway: vpn.albertahealthservices.ca
Authentication: Save login (optional)
Username: enter AHS account username
(optional)
2.10 User Name: (enter AHS account username).
If you selected “save login” and
entered your username in the previous screen above, the username is
automatically populated.
Password: (RSA FOB passcode, NOT the
AHS Windows password)
·
If
you have a Soft Token: Enter the 8-digit token that displays on your Cellphone. The
PIN is only to be used in the Cellphone.
·
If
you have a Hard token (FOB): Enter
the PIN+Token (without spaces) that displays in your
Token.
Note
: A new PIN can be set
at https://token.ahs.ca
. See the section 5 for PIN Setup.
2.11 Once completed, click ‘Connect’ and a connection to the
AHS SSL VPN portal should be successful. The window will minimize to the task
bar as shown:
2.12
Click on the chevron on the Task Bar Icon will result in the following window
being displayed, once you locate it right
click and you will be given the options shown below:
Please
note that this screen is where the assigned IP address from the SSL VPN head
end located inside AHS is seen. It should be an address similar
to what is shown (10.48.x.x).
When your work is done, click Disconnect. After
disconnecting, you may log back in by entering a new passcode (8-digit token) or (PIN + token code if you use a FOB. Click ‘Connect’ to establish your connection back to AHS
otherwise, click the ‘X’ in the upper right hand
corner of the connection window to close the client. Once you are connected,
please proceed to the Remote Desktop
Connection section of this document.
3. MAC
OS X Installation Instructions
3.1 Download FortiClient VPN for MAC directly from the software
vendor:
MacOS
SSLVPN Client
(Suitable MacOS X installations)
3.2
Once downloaded, click on the chevron then open the installer
3.3 Click on Install
3.4 Click on Continue
3.5 Click on Continue
3.6 Click on Agree
3.7 Click on Install
3.8 Input your Mac credentials with
permissions to install software as well as password then click Install
Software.
3.9 Click on Close
3.10 Once installed
go to your Applications folder and open FortiClient:
3.11 Click on the checkbox and then I accept.
3.12 Click on Configure VPN
3.13 Configure the next screen as shown below, and
enter your username in the username field. Click “Apply” then “Close” to apply
the settings.
Connection
Name: AHS VPN
Description: It can be left blank
Remote
Gateway: vpn.albertahealthservices.ca
Authentication: Save login (optional)
Username: enter AHS account username
(optional)
3.14 User Name: (enter AHS account username).
If you selected “save login” and
entered your username in the previous screen above, the username is
automatically populated.
Password: (RSA FOB passcode, NOT the
AHS Windows password)
·
If
you have a Soft Token: Enter the 8-digit token that displays on your Cellphone. The
PIN is only to be used in the Cellphone.
·
If
you have a Hard token (FOB): Enter
the PIN+Token (without spaces) that displays in your
Token.
Note: A new PIN can
be set at https://token.ahs.ca
. See the section 5 for PIN Setup.
3.15 Once completed, click ‘Connect’ and a connection to the
AHS SSL VPN portal should be successful. The window will minimize to the task
bar as shown:
Fortigate SSLVPN Client troubleshooting:
· When the wrong credentials are entered OR you are trying to connect to the SSL VPN from inside the AHS network, a Warning message comes up Saying “Unable to establish the VPN Connection. The VPN server may be unreachable. (-14)” The correct format for Name is <username> and Password is <pin><token code from FOB key> -- or <8-digit Token from Soft Token>. Your PIN (Personal Identification Number) is numeric and between 4 and 8 digits in length. Also please note that connecting to the SSL VPN is not possible when the laptop or mobile device is already connected to the AHS network.
·
NOTE: If
authentication issues persist, you can test that your Token is operational by
logging into web page: https://token.albertahealthservices.ca
... upon successful logon you will see a message about successfully completing
the authentication (and setting your pin if that was required). This is the
only function of the page. Once you have tested the Token, please close the
page.
Important: If you have tested your Token and it
is functional, but FortiClient is still not connecting. Make sure your local
Internet is connected then completely remove FortiClient from your computer,
restart your computer, reinstall it and try to connect with FortiClient once
again.
5. PIN SETUP
5.1 If you have a Soft Token :
a) On
your Cellphone RSA App enter 0000 then click on the arrow ŕ
b) Browse to https://token.ahs.ca and enter your Username and Passcode (the
latest 8-digit Token displaying on your Cellphone) then click on “Logon”:
c)
Enter a new PIN as prompted, submit, re-enter and submit :
+
d) Go back to the RSA App on your Cellphone and click on
PIN (top left) to go back and enter the new PIN you have just set.
e) Enter the new 8-digit Token displaying on your RSA App
of your Cellphone on the Token Website:
f)
Success
5.2 If you have a Hard Token (FOB) :
a) Browse to https://token.ahs.ca and enter your Username and Passcode (the
Token displaying on your FOB) then click on “Logon”:
c)
Enter a new PIN as prompted, submit, re-enter and submit :
+
d) Wait the Token to change on your FOB then enter the
New PIN + Token on the Token Website:
f)
Success
6. REMOTE DESKOP CONNECTION
Once you have
connected FortiClient successfully, use this tool in combination with
FortiClient in order to remotely access an AHS
computer from your personal computer. For that you will need the target AHS
Computer to be online and no user using it.
For Windows OS: Remote Desktop Connection (aka RDP)
is a tool that is already part of Windows Operational System.
6.1 Search
for “Remote” and click on the icon for it.
6.2 Type in
the barcode (machine name) of your computer
followed by healthy.bewell.ca or you can type in
the IP address (ie.
10.117.6.xx) of the target machine.
6.3 Enter
your AHS AD credentials in the format healthy\username
and your password
6.4 If you
get to this screen, you are already at the AHS computer sign-on prompt. This
one you can enter again your username + password (AD password).
For MAC Computers: Remote Desktop Connection is not a
tool that comes already in MAC computers. You will need to install it.
1: Go to App Store
2. Search:
Microsoft Remote Desktop
3: Install
Microsoft Remote Desktop App
4: Open Microsoft Remote Desktop from Launchpad