Appendix B – FortiClient API

Appendix B – FortiClient API

You can operate FortiClient VPNs using the COM-based FortiClient API. The API can be used with IPsec VPN only. SSL VPN is currently not supported. This chapter contains the following sections:

l Overview l API reference


The FortiClient COM library provides functionality to:

  • Retrieve a list of the VPN tunnels configured in the FortiClient application. l Start and stop any of the configured VPN tunnels. l Send XAuth credentials.
Disconnect(bstrTunnelName As String) Close the named VPN tunnel.
GetPolicy pbAV As Boolean, pbAS As

Boolean, pbFW As Boolean, pbWF

As Boolean)

Command is deprecated in FortiClient v5.0.
  • Retrieve status information: l configured tunnel list l active tunnel name l connected or not l idle or not l remaining key life
  • Respond to FortiClient-related events:
  • VPN connect l VPN disconnect l VPN is idle
  • XAuth authentication requested

For more information, see the vpn_com_examples ZIP file located in the VPN Automation file folder in the FortiClientTools file.

API reference

The following tables provide API reference values.

API reference                                                                                                       Appendix B – FortiClient API

GetRemainingKeyLife(bstrTunnelName As String, pSecs As Long, pKBytes As Long) Retrieve the remaining key life for the named connection. Whether keylife time (pSecs) or data (pKBytes) are significant depends on the detailed settings in the FortiClient application.
MakeSystemPolicyCompliant() Command is deprecated in FortiClient v5.0.
SendXAuthResponse (tunnelName As String, userName As String, password As String, savePassword As Boolean) Send XAuth credentials for the named connection:

l User name, Password l True if password should be saved.

SetPolicy (bAV As Boolean, bAS As

Boolean, bFW As Boolean, bWF

As Boolean)

Command is deprecated in FortiClient v5.0.
GetTunnelList() Retrieve the list of all connections configured in the FortiClient application.
IsConnected (bstrTunnelName As String) As Boolean Return True if the named connection is up.
IsIdle (bstrTunnelName As String) As Boolean Return True if the named connection is idle.
OnDisconnect(bstrTunnelName As String) Connection disconnected.
OnIdle(bstrTunnelName As String) Connection idle.
OnOutOfCompliance(bAV As Boolean, bAS As Boolean, bFW As Boolean, bWF As Boolean) Command is deprecated in FortiClient v5.0.
OnXAuthRequest(bstrTunnelName As String) The VPN peer on the named connection requests XAuth authentication.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in FortiClient and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.