VPN Access from China: Configuring the Fortinet VPN

Access to the internet has been restricted in China since the 1990s, as the Communist government has sought ways to limit not only its citizens’ consumption of news and information but also their interaction with those outside of China.

However, as both individuals and businesses seek access to information and an ability to conduct transactions with those outside of China, the use of VPNs (Virtual Private Networks) to circumvent these restrictions have become a necessary tool. FortiClient, Fortinet’s Next-Generation Endpoint Protection, provides users with secure remote access with a built-in VPN.

How to Access VPN from China

China first made it illegal to access the “foreign internet” without government permission in 1997. What soon came to be known as the “Great Firewall of China,” the Communist Party’s restrictions on internet access increased through the decades and has been seen as a way to control public consumption of content originating outside of China.

As a result, the use of VPNs to circumvent these rules and access the internet has proliferated. VPNs encrypt data, essentially anonymizing one’s activity and spoofing one’s location. VPNs hide one’s IP address, physical location, browsing history, and the type of device used to access the internet.  As such, VPNs allow not only Chinese citizens to enjoy popular social networks and banned websites like YouTube, Google, Wikipedia, and the New York Times, but also Chinese corporations to secure company data and communicate with businesses overseas.

The ability to access banned sites might be the first reason individuals in China might consider a VPN. However, the security and privacy of the encrypted connection should truly be the main reason users opt for the VPN when wishing to browse the internet in China.  Even if internet users in China access sites permitted by the Chinese government, they should still lean on the VPN for privacy.

At issue is that an individual or a business needs a license from the government to use a VPN. In early 2019, China started issuing $145 fines to those citizens found to be using an unauthorized VPN service. It is unclear whether this will reduce wide-scale VPN usage: according to data compiled by GlobalWebIndex, 31% of China’s internet users use a VPN. The good news is that no non-Chinese national has ever been prosecuted for using an unauthorized VPN.

Benefits of Using the Fortinet FortiClient VPN

China has also been known to target VPN companies. The country uses protocol identification and other advanced tools to detect and block certain VPNs from being functional while used in China. Luckily, China does not block the FortiClient VPN.

FortiClient is more than just a VPN providing secure access: it also provides compliance and protection built into a single lightweight client. Advanced threat protection against malware is provided by integration with Chinese Fortinet FortiGuard.

It’s also a good idea to use a VPN that’s more than just single-use. Fortinet China FortiClient VPN is part of a Security Fabric Integration that gives organizations a unified view of endpoints for enhanced tracking, enforcement, and reporting. As such, if there are any known issues with suspected malware, your IT administrator will communicate this to all users instantly.

This creates a freer, safer browsing experience for you. Your connection is secure because it is encrypted, but there is added protection against even sophisticated malicious threats. While internet users in China may simply seek a way to access U.S.-based social networks without government interference, malware tied to the Chinese government is a growing problem. In August 2020, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, and the Department of Defense identified a type of malware used by the Chinese government in spear-phishing attacks.

As such, a robust VPN like FortiClient VPN can serve as a defense against such malicious activity.

Steps to Configure the FortiClient VPN: Installation and Setup

We’ve provided a step-by-step instruction guide on how to install and configure the FortiClient VPN. If you have any questions about installation, please contact your organization’s IT administrator.

Installing and Setting Up the Fortinet FortiClient VPN from China

VPN Registration

You must first register to use the VPN service with your IT administrator. Luckily, you will not need to rely on downloading the Fortinet FortiClient VPN from the Apple or Android app stores, as the Chinese government has removed VPN apps from the app stores. You can use the FortiClient VPN on your laptop, tablet, or smartphone.

Fortinet VPN installation and configuration

First, make sure that your OS (operating system) is fully up to date. It does not have to be the latest release of the OS but make sure that all security patches have been installed.

If you have anti-virus or anti-malware software installed on your device, you will want the latest version of this as well.

FortiClient VPN 6.4 requires Windows 7, 8.1, or 10 (32 or 64 bit) before it will install.

First, install the FortiClient VPN application.

1. Download the FortiClient VPN
2. Once downloaded, double-click on the executable file or installer (FortiClientVPNOnlineInstaller_6.4.exe)
3. Read through and accept the license agreement.
4. On the screen which shows the Destination Folder, leave it as the default value: “C:\Program Files\Fortinet\FortiClient”
5. On the screen which shows Ready To Install FortiClient, click “Install”.
6. Once the install is complete, click “Finish”.
7. Then, launch the FortiClient VPN application.

Once installed, you must now configure the SSL VPN connection.

1. For VPN select “SSL-VPN”
2. For Connection Name enter “VPN – SSL” – (Ask your IT administrator if there is a preferred Connection Name.)
3. For Description enter “SSL VPN Connection to ______” (Ask your IT administrator if there is a preferred Description to enter here.)
4. For Remote Gateway enter a URL or Web address provided by your IT administrator.
5. Tick Customize port and enter 8443.
6. Leave all other values with their default settings:
   1. Enable Single Sign ON (SSO) for VPN Tunnel = unticked
   2. Client Certificate = “None”
   3. Authentication = “Prompt on login”
   4. Do not Warn Invalid Server Certificate = unticked
7. Click Save to save the configuration
8. Select the VPN connection you have just created from the “VPN Name” field
9. Enter your username and VPN password (this should be distinct from your device password) and click ‘Connect’.

  The above steps are based on version 6.4 of the FortiClient VPN application.

Unlike other VPN providers, FortiClient offers two-factor authentication for added security. While a strong password is essential (most likely at least 8 characters, including alphanumeric and special characters), ask your IT administrator if two-factor authentication can be enabled. Once your VPN has been configured, you will want to test your VPN connection.

Once connected to the internet via the VPN, test your connection. Visit a password-protected site that you visit regularly and log in. It should connect smoothly without delays. If you are experiencing delays, contact your IT administrator.  After you have finished your internet session, you will want to safely disconnect your VPN connection. To do this, simply open the VPN Connected window and click Disconnect.

If you plan on using a new device to access the internet in China, be sure to contact your IT administrator to have the Fortinet FortiClient VPN installed on that device.