Apr 03, 2020 Generating a strong pre-shared key A pre-shared key (also called a shared secret or PSK) is used to authenticate the Cloud VPN tunnel to your peer VPN gateway. As a security best practice, it's recommended that you generate a strong 32-character shared secret. The FortiGate dialup server compares the local ID that you specify at each dialup client to the FortiGate user-account user name. The dialup-client preshared key is compared to a FortiGate user-account password.
How to generate secure pre-shared keys (PSK) for an IPSec VPN I build VPNs regularly, and one of the problems that comes up regularly is how to exchange PSK's. Some people are happy to exchange them over email, and others not (particularly because of ISO/IEC 27002). The IPsec VPN is a pre-shared key configuration that also requires users to authenticate with their own credentials to be able to connect to the VPN. This recipe assumes that a user ( dprince ) and a user group ( WinPhoneUsers ) have already been created on the FortiGate. The pre-shared key is not specified in the phase1 configuration. Instead, each key is represented by a local user. The client indicates which name/password (key) to use by entering the username as the localID or leaving the localID blank and instead only define a pre-shared key in the form of username+key/password as one long string.
You have a few options:
1.) License FortiClient EMS (I think that's what it's called) which gives you access to central FortiClient management through your Fortigate. https://brasiltree956.weebly.com/blog/origin-download-manager-for-mac. I believe this also gives you access to the FortiClient custom configurator to make custom installs.
2.) Use a custom XML and deploy via script.. This is what we do.
First you configure 1 FortiClient machine and then export it's configuration. Take XML file and make any further customizations and then use a GPO or a deployment tool (we use PDQ Deploy) to install this XML file on each machine by running this command:
C:Program Files (x86) FortinetForticlientfcconfig.exe
For specifics, see the last post in this thread:
https://forum.fortinet.com/m/tm.aspx?m=96566&p=
For XML configuration options see Fortinet docs..
http://docs.fortinet.com/d/fortclient-5.4.2-xml-reference