Patch My PC Feature and Application Request
A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize request, please see:
A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize request, please see:
We would like to see the FortiClient VPN application added to the list of applications to be updated.
Basically the msi /x of the current version strips out the registry keys and wipes the profile info on uninstall. I assum PMPC does a uninstall / install thus the keys go. As per everyone else FortiNet would basically say use the Paid client....
I added a post install .bat and some reg keys:
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "Description" /t REG_SZ /d "Company VPN"
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "Server" /t REG_SZ /d "serveraddress:port"
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "DATA1" /t REG_SZ /d ""
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "promptusername" /t REG_DWORD /d 1
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "promptcertificate" /t REG_DWORD /d 0
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "DATA3" /t REG_SZ /d ""
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "ServerCert" /t REG_SZ /d "1"
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "sso_enabled" /t REG_DWORD /d 0
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "use_external_browser" /t REG_DWORD /d 0
REG ADD "HKLM\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\Company VPN" /v "dual_stack" /t REG_DWORD /d 0
I have also seen where it wipes the vpn config on update. It also occurs when the update is manually run. We used a powershell script in intune running at boot to get around this. I tried cracking the MSI open in Orca but could not find a way to specify these parameters at install of the update. Ideally, that is what we should be able to do or a silent switch to enter those parameters but I think Forti doesn't provide this just to force you to buy the paid version of the VPN client. I also tried running the powershell script as a post script in PMPC but it requires elevating or changing the execution policy on the local machines. Would love to find a workaround for this as well to make the update process less painful.
Hi @Allen Olsen
I suspect this is an issue specifically with the FortiClient VPN installer itself, as all PatchMyPC-ScriptRunner does is run the installer for FortiClient VPN.
I'd be keen to know if you see the same behaviour if you manually run the installer for the new version of the FortiClient VPN on a device running a configured older version.
Additionally, I'd be keen to see the client side logs generated by the FortiClient VPN installer if you have the Manage Installation Logging option enabled for that product in the Publisher.
If you can test that, and grab those logs and send them to scott@patchmypc.com that'd be fantastic :)
Hi, thanks for support FortiClient..
But due to the issue with the Sites config getting wiped, I have disabled the package from Auto-Publishing updates.
Do we have a solution for this, or is this a general issue with FortiClient VPN?
Refreshing: Will FortiClient EMS be installable in that way?
@Matt Hall. We found the same thing in our environment updating to 7.0.3 and we had done this with SCCM, not PatchMyPC.
Was quite annoying. We add the VPN settings via GPO, but I also emailed all staff as we have a number of people that would be working from home when it updated. Went pretty smoothly except for the obvious people who don't read emails from Helpdesk.
I guess you could have a post install script that applies a registry file and that should do the job?
Hey Matt, If you're having issues please reach out to support@patchmypc.com
Got it working but noticed it wipes your VPN settings / config on updating. Any workaround for that? or just a crappy MSI from FortiNet?
This appears to be working fine for us for the free version.
If you're having issues with this, definitely reach out to us support@patchmypc.com
Has anyone been able to successfully deploy this?
Will FortiClient EMS be installable in that way?
FortiClient VPN 7.0.3.0193 (MSI-x64) 3/23/2022 12:47:43 PM 0 bytes
An web error occurred while downloading the file: UnknownError An exception occurred during a WebClient request.
Chris Moore��� | Systems Administrator | Rather Outdoors Corporation
Tel: (803) 830-5978
Email: cmoore@ratheroutdoors.com
Service Desk:
North America: (803) 324���6669 |
UK: +44 1277 285118 | EU/China: +32 33040180
[https://asset.productmarketingcloud.com/api/assetstorage/1612_457d1d3b-24e7-4e9e-994d-77152608da6c/Original/globalsig-upload2.jpg]
Hey Simon,
I see I am missing the Forticlient intune app as well though other new ones I pushed are there as well. I am not as sharp on the logs anymore to tell you why mine failed but assume it's a similar issue. Noticing the same thing with GlobalProtect but that may be due to it requiring an msi file in the app folder similar to Forti.
Chris Moore? | Systems Administrator | Rather Outdoors Corporation
Tel: (803) 830-5978
Email: cmoore@ratheroutdoors.com
Service Desk:
North America: (803) 324-6669 |
UK: +44 1277 285118 | EU/China: +32 33040180
[https://asset.productmarketingcloud.com/api/assetstorage/1612_457d1d3b-24e7-4e9e-994d-77152608da6c/Original/globalsig-upload2.jpg]
Hey Simon, can you ping over a copy of PatchMyPC.log to support@patchmypc.com please?
Has anyone been able to successfully deploy this?
I've extracted the MSI and put it in the content directory and it's failed in creating the MSI Intune app because the latest download of Forticlient VPN free version is 7.0.2.009. The paid version is 7.0.3.0193 which it seems it's looking for.
Please advise.
Woohoo!
Chris Moore? | Systems Administrator | Rather Outdoors Corporation
Tel: (803) 830-5978
Email: cmoore@ratheroutdoors.com
Service Desk:
North America: (803) 324-6669 |
UK: +44 1277 285118 | EU/China: +32 33040180
[https://asset.productmarketingcloud.com/api/assetstorage/1612_457d1d3b-24e7-4e9e-994d-77152608da6c/Original/globalsig-upload2.jpg]
Hey everyone!
Sorry for the spam. All going well, the MSI/Free version of the Forticlient VPN should be in todays catalogue release. Please review this KB article before enabling this product in the Publisher - https://patchmypc.com/forticlientvpnmsi
Excellent thanks Scott, will be a great help
Hey everyone. Please be aware that in order to accommodate the MSI/Free version of the Forticlient VPN we will be making a change to the EXE/Paid version in our catalog.
The name of the product will change from "Forticlient VPN" to "Forticlient VPN (EXE-x64)".
This change will be live in todays catalog release. If you have this product selected currently, it will be deselected when the name change is pulled down meaning you will need to reselect the product in your Publisher installation.
The MSI/Free version of the Forticlient VPN should be available in the catalog later this week.