Configure FortiClient profiles

Configure FortiClient profiles

FortiGate includes a default FortiClient profile. You can edit the default profile or create a new profile. FortiClient profiles are used to communicate compliance rules to FortiClient endpoints.

The option to assign the profile to device groups, user groups, and users is available only when you create a new FortiClient profile. You can assign the profile to user groups and users when using Active Directory authentication.

For more information about creating FortiClient profiles by using FortiGate, see the FortiOS Handbook-Security Profiles.

Configure FortiGate

To configure FortiClient profiles:

  1. Go to Security Profiles > FortiClient Profiles. You can edit the default profile or create a new FortiClient profile.
  2. Set the following options:
Profile Name Type a name for the profile.
Comments Type comments about the profile.
Assign Profile To Click to specify which devices, users, and addresses will receive the FortiClient profile. This options is available only when enable multiple security profiles and you create a new profile.
FortiClient endpoint compliance Use the options in this section to specify how to handle FortiClient endpoints that fail to meet the compliance rules.
Non-compliance action Select either Block, Warning, Auto-update. See also Non-compliance action on page 29.
Endpoint Vulnerability Scan on Client You can enable or disable Endpoint Vulnerability Scan on Client. When enabled, FortiClient is required to have Vulnerability Scan enabled. When Non-compliance action is set to Auto-update, you can enable and configure Endpoint Vulnerability Scan on Client by using only FortiGate.
System Compliance You can enable or disable System Compliance. When enabled, a minimum

FortiClient version is required on endpoints.

When Non-compliance action is set to Auto-update, you can enable and configure Minimum FortiClient version by using only FortiGate.

You can also enable logging to FortiAnalyzer, and select what types of logs to send to FortiAnalyzer.

AntiVirus You can enable or disable AntiVirus. When enabled, FortiClient console is required to have Antivirus enabled.

When Non-compliance action is set to Auto-update, you can enable and configure AntiVirus by using only FortiGate.

Web Filter You can enable or disable Web Filter and select a profile. When enabled, FortiClient is required to have Web Filter enabled.

When Non-compliance action is set to Auto-update, you can enable and configure Web Filter by using only FortiGate.

Application Firewall You can enable or disable Application Firewall and select a profile. When enabled, FortiClient is required to have Application Firewall enabled. When Non-compliance action is set to Auto-update, you can enable and configure Application Firewall by using only FortiGate.
  1. Click OK.

Enable a key password for FortiTelemetry connection

You can configure a connection key password for FortiClient Telemetry connection to FortiGate devices. When connecting FortiClient Telemetry to FortiGate, the user must enter the connection key password in FortiClient console before the connection can be completed.

You must use the CLI to enable a key password.

To enable key password:

  1. On your FortiGate device, go to Dashboard > CLI Console, and enter the following CLI command: config endpoint-control settings set forticlient-key-enforce enable set forticlient-reg-key <password>

end

FortiClient users can select to remember the connection key password in the FortiClient console when they connect FortiClient Telemetry.

View connected FortiClient endpoints

You can view all connected FortiClient endpoints in FortiGate GUI. On FortiGate, each new connection is automatically added to the device table.

To view connected devices, go to Monitor > FortiClient Monitor.

Configure FortiClient Telemetry connections with AD user groups

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.