FortiRDP is a local FortiGate SSL VPN port forwarder client for Windows Remote Desktop connection. This software was developed to interoperate with the SSLVPN Web portforward mode at a time the Java applet support was deprecated in Chrome or Firefox but still in use by our installed firewalls. FortiRDP is working with the latest version of FortiOS (tested on FortiGate-60E with FortiOS versions 6.4.x and 7.0.x).

The port forwarding is a mechanism to send arbitrary TCP traffic over an encrypted SSL tunnel between FortiRDP and a FortiGate firewall. Its main usage is to forward RDP traffic. It was developed to simplify connection to a Windows terminal server. First, FortiRDP establishes an encrypted SSL tunnel with the Fortigate Firewall. Once connected, FortiRDP starts listening on a random local port on localhost (127.0.0.1) and launches the client application (by default mstsc.exe) with the required parameters to connect to 127.0.0.1 on the chosen random port. Data is encrypted and sent to the FortiGate unit through the tunnel, which then forwards the traffic to the application server.

FortiRDP is provided as a single Windows 64-bit executable (fortirdp.exe) and a certificate storage (fortirdp.crt). It is a portable application that does not require any installation. You only need to copy fortirdp.exe and fortirdp.crt in the same folder and run the application. FortiRDP uses mbed TLS to establish the secure tunnel with the firewall and lwIP to handle the IP communication within the tunnel.

FortiRDP can be customized through command line parameters to launch other client applications such as VNC, Telnet, ... or other clients that support TCP communication.