Thursday, December 5, 2024
HomevpnVPN Access from China: Configuring the Fortinet VPN

VPN Access from China: Configuring the Fortinet VPN

Published on

SIEM as a Service

Access to the internet has been restricted in China since the 1990s, as the Communist government has sought ways to limit not only its citizens’ consumption of news and information but also their interaction with those outside of China.

However, as both individuals and businesses seek access to information and an ability to conduct transactions with those outside of China, the use of VPNs (Virtual Private Networks) to circumvent these restrictions have become a necessary tool. FortiClient, Fortinet’s Next-Generation Endpoint Protection, provides users with secure remote access with a built-in VPN.

How to Access VPN from China

China first made it illegal to access the “foreign internet” without government permission in 1997. What soon came to be known as the “Great Firewall of China,” the Communist Party’s restrictions on internet access increased through the decades and has been seen as a way to control public consumption of content originating outside of China.

- Advertisement - SIEM as a Service

As a result, the use of VPNs to circumvent these rules and access the internet has proliferated. VPNs encrypt data, essentially anonymizing one’s activity and spoofing one’s location. VPNs hide one’s IP address, physical location, browsing history, and the type of device used to access the internet.  As such, VPNs allow not only Chinese citizens to enjoy popular social networks and banned websites like YouTube, Google, Wikipedia, and the New York Times, but also Chinese corporations to secure company data and communicate with businesses overseas.

The ability to access banned sites might be the first reason individuals in China might consider a VPN. However, the security and privacy of the encrypted connection should truly be the main reason users opt for the VPN when wishing to browse the internet in China.  Even if internet users in China access sites permitted by the Chinese government, they should still lean on the VPN for privacy.

At issue is that an individual or a business needs a license from the government to use a VPN. In early 2019, China started issuing $145 fines to those citizens found to be using an unauthorized VPN service. It is unclear whether this will reduce wide-scale VPN usage: according to data compiled by GlobalWebIndex, 31% of China’s internet users use a VPN. The good news is that no non-Chinese national has ever been prosecuted for using an unauthorized VPN.

Benefits of Using the Fortinet FortiClient VPN

China has also been known to target VPN companies. The country uses protocol identification and other advanced tools to detect and block certain VPNs from being functional while used in China. Luckily, China does not block the FortiClient VPN.

FortiClient is more than just a VPN providing secure access: it also provides compliance and protection built into a single lightweight client. Advanced threat protection against malware is provided by integration with Chinese Fortinet FortiGuard.

It’s also a good idea to use a VPN that’s more than just single-use. Fortinet China FortiClient VPN is part of a Security Fabric Integration that gives organizations a unified view of endpoints for enhanced tracking, enforcement, and reporting. As such, if there are any known issues with suspected malware, your IT administrator will communicate this to all users instantly.

This creates a freer, safer browsing experience for you. Your connection is secure because it is encrypted, but there is added protection against even sophisticated malicious threats. While internet users in China may simply seek a way to access U.S.-based social networks without government interference, malware tied to the Chinese government is a growing problem. In August 2020, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, and the Department of Defense identified a type of malware used by the Chinese government in spear-phishing attacks.

As such, a robust VPN like FortiClient VPN can serve as a defense against such malicious activity.

Steps to Configure the FortiClient VPN: Installation and Setup

We’ve provided a step-by-step instruction guide on how to install and configure the FortiClient VPN. If you have any questions about installation, please contact your organization’s IT administrator.

Installing and Setting Up the Fortinet FortiClient VPN from China

VPN Registration

You must first register to use the VPN service with your IT administrator. Luckily, you will not need to rely on downloading the Fortinet FortiClient VPN from the Apple or Android app stores, as the Chinese government has removed VPN apps from the app stores. You can use the FortiClient VPN on your laptop, tablet, or smartphone.

Fortinet VPN installation and configuration

First, make sure that your OS (operating system) is fully up to date. It does not have to be the latest release of the OS but make sure that all security patches have been installed.

If you have anti-virus or anti-malware software installed on your device, you will want the latest version of this as well.

FortiClient VPN 6.4 requires Windows 7, 8.1, or 10 (32 or 64 bit) before it will install.

First, install the FortiClient VPN application.

  1. Download the FortiClient VPN
  2. Once downloaded, double-click on the executable file or installer (FortiClientVPNOnlineInstaller_6.4.exe)
  3. Read through and accept the license agreement.
  4. On the screen which shows the Destination Folder, leave it as the default value: “C:\Program Files\Fortinet\FortiClient”
  5. On the screen which shows Ready To Install FortiClient, click “Install”.
  6. Once the install is complete, click “Finish”.
  7. Then, launch the FortiClient VPN application.

Once installed, you must now configure the SSL VPN connection.

  1. For VPN select “SSL-VPN”
  2. For Connection Name enter “VPN – SSL” – (Ask your IT administrator if there is a preferred Connection Name.)
  3. For Description enter “SSL VPN Connection to ______” (Ask your IT administrator if there is a preferred Description to enter here.)
  4. For Remote Gateway enter a URL or Web address provided by your IT administrator.
  5. Tick Customize port and enter 8443.
  6. Leave all other values with their default settings:
    1. Enable Single Sign ON (SSO) for VPN Tunnel = unticked
    2. Client Certificate = “None”
    3. Authentication = “Prompt on login”
    4. Do not Warn Invalid Server Certificate = unticked
  7. Click Save to save the configuration
  8. Select the VPN connection you have just created from the “VPN Name” field
  9. Enter your username and VPN password (this should be distinct from your device password) and click ‘Connect’.

  The above steps are based on version 6.4 of the FortiClient VPN application.

Unlike other VPN providers, FortiClient offers two-factor authentication for added security. While a strong password is essential (most likely at least 8 characters, including alphanumeric and special characters), ask your IT administrator if two-factor authentication can be enabled. Once your VPN has been configured, you will want to test your VPN connection.

Once connected to the internet via the VPN, test your connection. Visit a password-protected site that you visit regularly and log in. It should connect smoothly without delays. If you are experiencing delays, contact your IT administrator.  After you have finished your internet session, you will want to safely disconnect your VPN connection. To do this, simply open the VPN Connected window and click Disconnect.

If you plan on using a new device to access the internet in China, be sure to contact your IT administrator to have the Fortinet FortiClient VPN installed on that device.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

North Korean Hackers Exploit VPN Update Flaw To Breach Networks

North Korean state-sponsored hacking groups, including Kimsuky (APT43) and Andariel (APT45), have significantly increased...

Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data

Hackers are offering "free" mobile data access on Telegram channels by exploiting loopholes in...

Free Android VPNs Suffering Encryption Failures, New Report

VPN apps for Android increase privacy and security over the internet since connection data...