Automating the Install of FortiClient VPN via MEM (Intune)

Fortinet make it really simple to use their premium EMS product to deploy and manage the free FortiClient VPN. If you’re fortunate enough to have already made an investment in Fortinet EMS, go right ahead and use EMS for your config and deployment.

If, like the rest of us, you haven’t got access to the whole suite, you’ll be using the FortiClient VPN standalone.

I wasn’t able to find a full guide to silently deploy the client and silently configure a VPN profile, so decided to write one.

Downloading the installer

First, you’ll need to obtain the FortiClient VPN EXE: Link: https://www.forticlient.com/downloads

Next, we need to get hold of the “offline installer” from the installer that you just downloaded.

Run the executable you downloaded (eg FortiClientVPNOnlineInstaller_6.4.exe). Click through the prompts and stop just before installing the actual application. The MSI file will be downloaded to %temp%\{GUID}.

Copy the MSI file and store in a packaging dir, (eg C:\Package\), then continue with the installation. Once installed, configure the VPN per the settings that are required for the connection and test.

Export the configuration

Once tested, head to the padlock symbol in the FortiVPN client to elevate to Administrator, then choose Settings (cog icon) then Backup.

Create a .bat with the following content, and place it in the same folder as your backup file and :

msiexec /i "FortiClientVPN.msi" /passive /quiet INSTALLLEVEL=3 DESKTOPSHORTCUT=0 /NORESTART
timeout /t 60 /nobreak
"C:\Program Files\Fortinet\FortiClient\FCConfig.exe" -m vpn -f **backup.conf** -o import -p **password**

Wrap as Intune Win32

Download the Win32 Content Prep Tool from GitHub – microsoft/Microsoft-Win32-Content-Prep-Tool: A tool to wrap Win32 App and then it can be uploaded to Intune

Run the tool to prepare your intunewin file

From the Endpoint Manager Portal, create the app

And assign to an appropriate Group of Users or Devices