This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BitLocker/SafeGuard and Forticlient VPN

Good afternoon,

We currently use Forticlient for our users to connect to our network via VPN, there is a setting on our Forticlient software to Auto Connect on sign in, this option is only allowed on the icon without the cog.

When trying to login using the cog user, that option isn't there, is there a setting somewhere?

Thanks and kind regards,



This thread was automatically locked due to age.
Parents Reply Children
  • I'm not sure what you're trying to do sorry? Fortinet isn't compatible with SafeGuard as far as I understand, so the users will need to log in with the Sophos cog (Credential provider) and then authenticate to other systems/VPN once logged in?

    All standard installs will have the Sophos Credential Provider already installed - it's not an optional extra?

  • I didn't realise that it is installed as default with standard installs. So if it isn't compatible does that mean we can't use the "Sign-in" options for SafeGuard so we can connect VPN on sign in? Because looking at support.sophos.com/.../KB-000033955

  • Do you have a cog/Sophos CP at the welcome screen like this?

    If you do then that article isn't relevant. That's to fix a fault it the credential provider has not installed, not a workaround to make it work with a VPN/other cred providers sadly. Yes, I'm afraid it's unlikely you can use that - users will need to sign in and then authenticate to the VPN. You could use Sign-in options potentially to auth with your VPN but then you would HAVE to auth with SafeGuard instead when you did log in! I didn't look too hard into this as we at the time didn't have an AO VPN - but either way it wasn't going to be transparent and seamless!

  • Yes we have the cog, but just wanted the "Sign in" options so we can connect the VPN on Sign in like Image 2 in the link you provided.

    As long as we no it's not compatible then I don't need to investigate further.

  • SafeGuard needs to authenticate so it knows who you are for policies/management. It would be fantastic if it was done just the once and passed onto other systems, but sadly the range of other credential providers it works with are slim. Now a defined EOL has been given too - I'm doubtful that any new dev will go into the product. We advise our users to just use the Sophos cog (in terms they'd appreciate) and then log into the VPN once they're in Windows. In actual fact it's just a little more long winded but still works well.

  • Thanks, the reason we wanted automatic sign in for our VPN was for remoted users so GPO get applied i.e. Wallpapers etc

  • GPO's will still apply once they're logged in - just not so instantly. You could always add a scheduled task to poll for GPO changes more frequently? I'm afraid to say though - you're heading into the MDM territory more and more, exactly as we found ourselves too. We now use Intune/Autopilot for this (and other) reasons. We don't have file encryption as such, but we weren't using it anyway. Our MDM managed workstations (laptops AND PC's) look and feel like an on-premise device - despite not ever being on the home network. I appreciate this isn't helpful when you want to get SSG to work, but it's a great product for fixed estate. It's always been a bit more challenging for roaming devices. Feel free to PM me directly if you wish with more detail on what we've done. Cheers

  • Many thanks for your help on this, it's much appreciated. We are also looking into Intune too, so fingers crossed. Thanks again.