Introduction:

OCAD provides VPN (Virtual Private Network) access to all administrative employees for the purpose of business continuity.

A VPN provides a secure extension of a private network (OCAD's internal network) into an insecure network (the Internet). It allows authenticated users to access services (ie. network drives, remote desktop) that would normally be blocked from outside the institution.

Never reveal your username and password to anyone. IT Services will never request for you to provide your username and password via e-mail. Please ensure you disconnect the VPN when you have completed your work.

You do not need VPN to access OCADU email, O365 shared drive contents, or other web services, as they can be accessed through a web browser from any remote location.  VPN access is appropriate for those users needing access to their office workstation from external locations, or those who need access to department-specific internal services that are not accessible remotely.

Getting Started

If you don't already have access to the OCADU VPN, please contact the IT Help Desk.  Your account will need to be modified before you are granted access.  Once that is done, you may bring your computer to the Help Desk to get the application installed, or you can do it yourself.  If you would like to do it yourself, please continue reading.

OCADU Services Available via VPN Connection

The following services are available when you connect to OCADU network through FortiClient VPN. 

• Remote Desktop to your office computers
• Colleague UI
• CRM Recruitment
• CROA
• Reliable web portal (Building Automation System)

Two-factor authentication

 IT Services is implementing two-factor authentication for all VPN accounts with the email method or Duo push.

1-Email method: When you try to log into forticlient with your username, verification email will always be sent to your email address.

2-Duo app:A push will be sent to your mobile Duo app for your approval.

Note:Please make sure you have the mobile phone installed with Duo app available when you need to use VPN connection. A push will be sent to your mobile Duo app for your approval. After entering your username and password in the forticlient , please check the Dou app on your phone. Just click on "Accept" on your mobile phone and FortiClient will proceed to connect.

Setting up SSL-VPN Connection on your laptop -using the Forticlient:

-Download and install the Forticlient application from http://forticlient.com/downloads

-Once you go to Forticlient web site please scroll down and click on the “Get FortiClient“ link appropriate for your operating system.

-On the Remote Access tab in the FortiClient console, use the drop-down menu and click on "Add a new connection" 

-Select SSL-VPN, then configure the following settings:

• Connection Name: Enter a name for the connection e.g. OCADU
• Description : Enter a description for the connection. (optional)
• Remote Gateway: VPN.OCADU.CA
• Customize port:4431
  Note:You must click 'customize port' and specify port 4431. 
• Client Certificate:None (At this time we don't use a client certificate.)
• Username:Enter the user's username and give the profile a name.   
• Two factor authentication:
  • If you are a Duo user,  a push will be sent to your mobile Duo app for your approval.  Simple click on "Accept" on your mobile phone and FortiClient will proceed to connect. 
  • If you are not a Duo user, you are required to enter the PIN emailed to you.

 Troubleshooting

Strange errors (code -12, etc) can be solved by performing a vulnerability scan on the Forticlient.  Also, make sure to keep your OS up to date.  If there are updates waiting to be installed, the Forticlient may fail to connect.