Aggie Desktop and Fortinet VPN

Here’s what we’re doing:

• For units that subscribe to Aggie Desktop BigFix Self-Service Software Installation, we have released content for both Windows and Mac. Users may use the UC Davis Self-Service Application from their system tray (Win) or menu bar (Mac) to install FortiClient VPN. The client is pre-configured for the onramp.ucdavis.edu VPN configuration (both full- and split-tunnel). 

  • These SSA offers are currently available to the Workstations-Test population.

  • The fixlets have also been shared to the Common site for the use of departments that don't subscribe to Aggie Desktop services.

• For units that subscribe to the Aggie Desktop Jamf service, we have released a configuration profile for FortiClient VPN that automatically loads the needed certificates, approves the various Policy Preferences Privacy Control (PPPC) prompts so that users installing and using FortiClient VPN will not be prompted to accept settings, and enables notifications from FortiClient VPN. This configuration profile should suppress approval requests regardless of how FortiClient VPN is installed.

  • In our testing, subsequent re-installs of FortiClient VPN do not respect the Jamf configuration profiles and display some approval request notifications.

• If and when the Fortinet-based VPN service launches, Aggie Desktop will package updates to FortiClient VPN and include those updates in our weekly patching baselines for the Aggie Desktop BigFix Patching service in addition to updating the self-service content.