FortiClient v5.6 User Guide for Win10 (SRU R58962)
FortiClient VPN allows ESDC employees to remotely and securely connect their departmentally-provided laptop or tablet to the ESDC corporate network over the Internet.
You can login to both Windows and FortiClient VPN using the same credentials (username and password); this is the preferred method. A later section describes an alternative that permits you to do it sequentially instead, only necessary in some circumstances.
Logging into FortiClient VPN (first time)
Logging into FortiClient VPN (first time)
The following steps are for your first login only; with each subsequent login, you will follow the steps described in the next section instead.
To login to FortiClient VPN, you must already have established an Internet connection (Wi-Fi or cable). If you are using a new Internet connection (e.g. at a hotel), please skip to the alternative method for Establishing FortiClient VPN after Windows Login.
- When you login for the first time, you will need to use the Switch User feature to access FortiClient. Press CTRL+ALT+DEL on your keyboard to view the login screen, then select Sign-in Options (circled in green in the image below).
- Next, choose the shield icon (third option)
Note: if you are using an HP Elite Book 840 G3 lightweight laptop, you will not see the entire screen. After selecting Sign-in options and the shield icon, move your mouse to the mid-right and a hidden scrollbar will appear. You can use this to scroll down and see the rest of the screen.
Logging into FortiClient VPN (all subsequent times)
Logging into FortiClient VPN (all subsequent times)
After the first time you login to FortiClient VPN, on subsequent logins you will be able to login to both Windows and FortiClient VPN all in one step. This is the preferred method. You will need the alternative method (see page 8) when a password is required to first establish your Internet connection.
- Select the VPN tunnel to connect to KEC, MTL or MCT (you may try either one). If your device has a small screen (e.g. small form laptops, notebooks, tablets), use the drop-down arrow to open the full dialogue box and display all tunnel options. Note: only some accounts, such as CAWS administrators, will see these additional options.
- Enter your Windows username and password. Check the radio box next to Use my Windows credentials for VPN (if it is not checked), then press the Enter key on your keyboard.
- You will next see a message to confirm that your connection is being established, e.g. "Connecting to VPN (srv541.services.gc.ca) - MCT".
- You will now proceed in one of two ways, depending on whether you are using an Entrust eGrid or Soft Token authentication.
Steps for Using Entrust eGrid
Steps for Using Entrust eGrid
Note: see the instructions at the end of this guide, if you are interested in obtaining an eGrid.
- In the VPN Login window, you will use your Entrust eGrid to respond to the 3-character challenge. Your Windows username will normally be prefilled, or you can type it now. For the Password field, enter your response to the eGrid 3-character challenge and then select the OK button.
Example: a request for [B5] [F3] and [F4] will produce "VD4" using the eGrid image below.
- You should then see "Welcome" and "Connection successful" messages to indicate a successful connection to Windows and to your desktop.
- After you are successfully logged in, you will see a checkmark icon in the system tray (bottom-right corner of your Windows screen), or you can find it by selecting the Up arrow in the System Tray. This checkmark confirms that you have an active connection.
Steps for using a Soft Token
Steps for using a Soft Token
- In the VPN Login window, you will use your Soft token to obtain your password. Your Windows username will usually be prefilled, or you can type it now. For the Password field, enter the password you obtain with your Soft Token and then select the OK button.
- You should then see "Welcome" and "Connection successful" messages to indicate successful connection to Windows and to your desktop.
- After you are successfully logged in, you will see a checkmark icon in the system tray (bottom-right corner of your Windows screen), or you can find it by selecting the Up arrow in the System Tray. This checkmark confirms that you have an active connection.
- In the VPN Login window, you will use your Entrust eGrid to respond to the 3-character challenge. Your Windows username will normally be prefilled, or you can type it now. For the Password field, enter your response to the eGrid 3-character challenge and then select the OK button.
Connecting to FortiClient VPN after Windows Login
Connecting to FortiClient VPN after Windows Login
You will require this alternative approach to logging in whenever you encounter a Wi-Fi security page (e.g. at a hotel while on travel) or in any new Wi-Fi location, where a Wi-Fi password is required to establish your Internet connection.
You can establish a FortiClient VPN after you have logged into Windows.
- Look for the FortiClient VPN icon (green checkmark) in the System Tray (bottom-right corner of your Windows screen). If you do not see it at first, use the Up arrow to display all icons.
- Right-click on the FortiClient VPN icon (green checkmark). Select the connection to MTL or MCT (you may try either one). If your device has a small screen (e.g. small form laptops, notebooks, tablets), use the dropdown arrow to open the full dialogue box and display all tunnel options. Note: only some accounts, such as CAWS administrators, will see these additional options.
- In the FortiClient Console window, enter your network (Windows) username and password, then select the Connect button.
- You will see a status message below your login information to note that the connection is in progress. If it appears to be taking an unusually long time, you may need to select the Disconnect button and try again.
- You will now proceed in one of two ways, depending on whether you are using an Entrust eGrid or Soft Token authentication.
Steps for Using Entrust eGrid
Steps for Using Entrust eGrid
Note: see the instructions at the end of this guide, if you are interested in obtaining an eGrid.
- In the FortiClient Console window, use your Entrust eGrid to respond to the 3-character challenge. Your network (Windows) username should be prefilled. Enter your response to the eGrid 3-character challenge in the third field ( ), then select the OK button.
Example: a request for [B5] [F3] and [F4] will produce "VD4" using the eGrid image below.
- Once successfully logged in you will see the FortiClient VPN icon (green checkmark) in the System Tray (bottom-right corner of your Windows screen). If you do not see it at first, use the open arrow to display all icons.
Steps for Using a Soft Token
Steps for Using a Soft Token
- In the VPN Login window, you will use your Soft token to obtain your password. Your Windows username will usually be prefilled, or you can type it now. For the Password field, enter the password you obtain with your Soft Token and then select the OK button.
- After you are successfully logged in, you will see a checkmark icon in the system tray (bottom-right corner of your Windows screen), or you can find it by selecting the Up arrow in the System Tray. This checkmark confirms that you have an active connection.
- In the FortiClient Console window, use your Entrust eGrid to respond to the 3-character challenge. Your network (Windows) username should be prefilled. Enter your response to the eGrid 3-character challenge in the third field ( ), then select the OK button.
Disconnecting from VPN
Disconnecting from VPN
Note: locking your laptop (CTRL + ALT + DEL) or siging off (i.e. logging out) from your network account will not disconnect your VPN session.
Your VPN session will disconnect automatically after 24 hours, or if:
- Your laptop is disconnected from the network (i.e. your network cable is unplugged, or Wi-Fi is turned off) for more than thirty seconds;
- You restart your laptop; or
- You shut down your laptop.
- Closing the lid of your laptop will also disconnect your VPN session, if your laptop is configured to shut down on lid closure.
Obtaining an Entrust eGrid
Obtaining an Entrust eGrid
To obtain an Entrust eGrid as your authentication method:
- Visit the Entrust Identity Guard self-service portal
- Login using your network (Windows) username and password.
- Select the option "I'd like to have my eGrid reissued since I no longer have it."