One of our customers is running FortiGate and if we want to connect to them? Well, we need to use FortiClient.
However, a coworker had problems getting the VPN client to install at all (I wasn't around to help at the time). Eventually he installed the Windows 10 "store" client. With that installed, once I was at the office, I was able to add an exception to our Sophos UTM and allow him to connect.
However, now he needs to install the VPN client on a machine which isn't running Windows 10, and the "regular" Windows client for FortiGate is some kind of on-line installer... and I'm having severe problems making a firewall rule to let it work correctly.
It first opens an UDP connection on port 137 and... that's about as far as I got. I've even tried making an "All -> Any -> All" rule to see if THAT gets it to work. It didn't. The installer is stuck trying to "download" the install package.
I eventually managed to download the offline FortiClient installer using my home-machine, but I'd still like to know what just happened and why I was unable to get the client to download from our Sophos-protected network... Any suggestions?
EDIT:
Some progress - the installer tries to download the install files using regular TCP port 80. However, it does so from seemingly random IP addresses, so the Web Protection module, acting as a proxy, is either taking too long or is showing the warning message. I'd WOULD add an exception for this, except that since the IPs seem so random, I'm not sure what to add...
This thread was automatically locked due to age.
