How to Set Up OCAD U FortiClient VPN (Mac & Windows)
Updated: 13 November 2020 02:56 PM

Introduction:

OCAD provides VPN (Virtual Private Network) access to all administrative employees for the purpose of business continuity.

A VPN provides a secure extension of a private network (OCAD's internal network) into an insecure network (the Internet). It allows authenticated users to access services (ie. network drives, remote desktop) that would normally be blocked from access outside the institution.

IMPORTANT: Never reveal your username and password to anyone. IT Services will never request for you to provide your username and password via e-mail. Please ensure that you disconnect from the VPN when you have completed your work.

You do not need VPN to access OCADU email, O365 shared drive contents, or other web services, as they can be accessed through a web browser from any remote location.  VPN access is appropriate for those users needing access to their office workstation from external locations, or those who need access to department-specific internal services that are not accessible remotely.

 

Related Articles:

 

OCADU Services Requiring a VPN Connection

The following services are available when you connect to OCADU network through FortiClient VPN. 

  • Admissions Reporting Tool
  • Colleague UI
  • CRM Recruitment
  • CROA
  • Finance Payment Files
  • Finance PO Files
  • HRIS Payroll Files
  • InfoSilem Enterprise
  • Laptopinfo
  • Laserfische Repository
  • Registrar USER Reporting Tool
  • Test/Dev Colleague Environments
  • Reliable Web Portal (Building Automation System)
  • Remote Desktop to your office computers (Only required for department-specific applications)
  • Ares (Remote Desktop Required)
  • CCURE (Remote Desktop Required)
  • Clockworks (Remote Desktop Required)
  • Destiny One Staff Interface (Remote Desktop Required)
  • Filemaker (Remote Desktop Required)
  • Mainboss (Remote Desktop Required)
  • Synoptix (Remote Desktop Required)

 

Getting Started

These are the steps that you'll need to follow to get VPN access set up. 

  1. Request VPN Access from the IT Help Desk at ithelp@ocadu.ca
  2. Update your Operating System (OS) to the latest version
  3. Setting up the SSL-VPN Connection
  4. Vulnerability Scan
  5. Session Login: Two-Factor Authentication
    • Email Token Code
    • Duo App Push
  6. Disconnect from the VPN

FAQs:

 

Request VPN Access

If you don't already have access to the OCADU VPN, please contact the IT Help Desk at ithelp@ocadu.ca to request access, as your account will need to be modified before you are granted access. If you need help with the installation, please contact the IT Help Desk. 

 

Update Your Operating System (OS)

Make sure to update your Operating System (OS) to the latest version. If there are updates waiting to be installed, the Forticlient (VPN application) may fail to connect.

 

Anti-Virus Scans

Please ensure that your anti-virus is up-to-date. Perform any anti-virus scans and follow the instructions for your anti-virus software. For more information on protecting yourself, please read this KB article: Security: Protecting Yourself Against Viruses and Malware

 

Download the Forticlient v6.4 Application

To download the Forticlient version 6.0 application, please go here:

  

Setting up the SSL-VPN Connection

1. On the Remote Access tab in the FortiClient console, use the drop-down menu and click on "Add a new connection" 

 

2. Select the SSL-VPN tab, then configure the following settings:

  • Connection Name: Enter a name for the connection e.g. OCADU
  • Description: Enter a description for the connection. (optional) e.g. OCADU
  • Remote Gateway: VPN.OCADU.CA
  • Customize port: 4431
    • Note: You must check the 'customize port' box and specify port 4431. 
  • Client Certificate: None (We don't use a client certificate.)
  • Authentication: Click on "Prompt on login"

3. Click the on the "Save" button

Connection Instructions

 

Vulnerability Scan

1. Once you have set up a connection, click on the "Vulnerability Scan" tab in the left-hand panel and click on the "Scan Now" button to start the vulnerability scan. 

Scan Now

2. This screen will appear, and the scan may take several minutes.

Scanning

3. If there are any vulnerabilities found, the screen will look like this. Click on the total number to see the details.

Found

4. Click the + next to any category with a number. 

5. Click the check box next to the issues found. 

6. Click Install selected. This may take some time as the software updates and you may be prompted to restart your machine. If this happens, reopen the Forticlient application and run the Vulnerability scan again. 

Patch

As long as  there are no Critical issues, you can usually connect but it is best to install all of the recommended updates.

 

Session Login: Two-Factor Authentication

IT Services has implemented two-factor authentication for all VPN accounts, with an email being sent with a token code or a Duo push.

  • Email Token Code: When you log into the Forticlient application with your username and password, an email will always be sent to your email address with your token code. 
    • Enter the Token Code, that was sent to your OCAD U email, into the Forticlient app
  • Duo App Push: A push will be sent to your mobile Duo app for your approval.
    • IMPORTANT: Please make sure you have the mobile phone installed with Duo app available when you need to use the VPN connection. 
      • A push will be sent to your mobile device on the Duo app for your approval. 
      • After entering your username and password in the Forticlient, please check the Duo app on your phone.
      • Click on "Accept" on your mobile phone and FortiClient will proceed to connect.

1. Log into the Forticlient app with your username and password.

2a. An email with the token code will be sent to your OCAD U email

2b. If you are a Duo user, you can check the Duo app on your mobile device and click on "Accept".

Duo Notification Accept 

3. Once you've entered your token code or accepted the Duo push, you'll be logged into the VPN. 

 

Disconnect from the VPN

Please disconnect from the VPN if you are stepping away for a break or are done using the VPN, so that the resources that have been allocated to keeping your session open can be freed up for other users. 

Disconnect 

  

Frequently Asked Questions (FAQs) and Answers:

 

Q: Why does my session keep disconnecting every minute?

A: If your session keeps disconnecting every minute, the date and time may be incorrect on your machine. Please make sure that your date and time on your machine is correct. 

> back to top

 

Q: Why do I have to keep signing-in after stepping away from my machine?

A: When your machine goes to sleep, the VPN connection disconnects. You'll have to re-connect the VPN again by signing-in and getting a new session token. 

> back to top

 

Q: What do I do, if I get the error "Your computer does not meet the host checking requirement"?

A: If the error shows up, run the "Vulnerability Scan" again and fix any before proceeding. 

> back to top

 

Q: Who can I contact for help?

A: If you need assistance with setting up your VPN, please contact the IT Help Desk at ithelp@ocadu.ca with a screenshot of your error message and any additional details that you can provide. 

> back to top 

 

Q: Does Teams work on VPN or when using the Remote Desktop?

A:  Yes, Teams does work using the VPN. It is not recommended to use Teams with Remote Desktop unless it is absolutely required. You may experience some slowness using the VPN or Remote Desktop. Please be sure to disconnect from the VPN or Remote Desktop if you are stepping away from the computer or you no longer need access. 

> back to top 

  



Attachments 
 
 1.png (39.86 KB)
 2.png (53.77 KB)
 3.png (40.48 KB)
 Vulnerabilities scan.png (64.47 KB)
 4.png (59.95 KB)
 Email_Auth_Code.png (13.93 KB)
 Duo-NotificationAccept.png (1.21 MB)
 Disconnect.png (48.05 KB)
 VPN - 1-Scan Now.jpg (46.23 KB)
 VPN - 2-Scanning.jpg (32.26 KB)
 VPN - 3-Vulnerabilities Found.jpg (43.89 KB)
 VPN - 4-Patch Vulnerabilities.jpg (66.69 KB)