My office is using Dell 3040 Thin Clients with a built-in OpenConnect VPN manager. I can’t see any way to modify its configuration and it only has VPN server, username, password for connection options.
I’ve seen mixed responses about whether a VPN connection can be made to work with a FortiGate 200E from these thin clients. Can anyone confirm whether or not these are compatible, and ideally point me towards a reliable source?
As far as I can tell, it isn’t an option for us to use a Fortinet-made VPN client on the Dell 3040 thin clients.
So, OpenConnect does “support” Fortinet SSL VPN. I’ve never used it for Fortinet, but we have users that use it for Cisco AnyConnect and it does work. You mileage may vary though, and TAC certainly isn’t going to help you with issues. Try it and see?
This is what I’m hearing online, that you can’t use SSL-VPN with a non-Fortinet client, but I haven’t found anything yet from Fortinet themselves saying this. Do you know of an authoritative source that I can point to as proof of this fact?
No, because you can’t prove a negative. I can tell you that all vendor SSLVPN products are proprietary, and IF you can find a 3rd party client that will work with them, it will be completely unsupported. That said, I’m assuming you saw this:
I mean, spin your wheels if you want to, trying to get something to work. Perhaps you’re really smart and can reverse engineer their protocols and write something yourself. However, to your point, you can’t install anything on your thin clients anyway, so it’s kind of pointless to argue this.
Can you use an alternate thin client OS, like IGEL? Some of the non-Wyse client software doesn’t completely suck and allows you to add component packages to permit IPSec or other VPN clients.
Bottom line though, I would be shocked and awed if you were ever able to get this to work the way you’re trying to. A full version of OpenConnect might be able to do it, but the slightest change on the Fortinet side could render it inert pretty quickly.
Thanks for this. Yes, I did see that page which is what added to my confusion about OpenConnect as the thin client OS doesn’t seem to have the configuration capabilities mentioned there.
I actually didn’t realize that proprietary SSLVPN products are the default as I’ve mostly dealt with FOSS solutions.
In the end, I’m pretty sure we will need to switch thin clients. Thank you for your help.