Fortinet uses HTML-based login forms, similar to Juniper's, resulting in an SVPNCOOKIE.
Believe it or not, they're even more badly designed than Juniper's forms:
1. Inconsistent use of HTTP redirects ('Location' header) vs. Javascript-only redirects
2. Significant <input> fields that aren't actually nested within the <form> tag.
3. Misleading HTTP 405 status ("Method Not Allowed") after incorrect credentials are entered.
4. No apparent way to determine the allowed values for the realm field.
(Though various articles floating around suggest it comes from the URL-path entry point,
from which I assume it's triggered by JavaScript.)
projects / users / dwmw2 / openconnect.git / commit