FortiClient 5.4.1 Administration Guide

Introduction

FortiClient is an all-in-one comprehensive endpoint security solution that extends the power of Fortinet’s Advanced Threat Protection (ATP) to end user devices. As the endpoint is the ultimate destination for malware that is seeking credentials, network access, and sensitive information, ensuring that your endpoint security combines strong prevention with detection and mitigation is critical.

Standalone FortiClient (Free) Managed FortiClient (Licensed)
Installation Options l Complete: All Endpoint Security and VPN components will be installed.

l VPN Only: only VPN components (IPsec and

SSL) will be installed.

Installation Options l Complete: All Endpoint Security and VPN components will be installed.

l VPN Only: only VPN components (IPsec and

SSL) will be installed. l Create a custom FortiClient installer using the FortiClient Configurator tool.

Threat Protection l Real-time Antivirus Protection l Antirootkit/Antimalware l Grayware Blocking (Adware/Riskware) Threat Protection l Real-time Antivirus Protection l FortiSandbox support l Antirootkit/Antimalware l Grayware Blocking (Adware/Riskware) l Cloud-Based Behavior Scanning
Web Content l Web Filtering l YouTube Education Filter Web Content l Web Filtering l YouTube Education Filter

This document was written for FortiClient (Windows) 5.4.1. Not all features described in this document are supported for FortiClient (Mac OS X) 5.4.1.

FortiClient modes and features

FortiClient offers two licensing modes: Standalone mode and Managed mode. The standalone mode is free, and the managed mode is licensed. In managed mode, FortiClient is used with FortiGate, FortiClient Enterprise Management Server (EMS), or both FortiGate and EMS.

The following table provides a feature comparison between standalone FortiClient (free version) and managed FortiClient (licensed version).

FortiClient modes and features

Standalone FortiClient (Free) Managed FortiClient (Licensed)
VPN l SSL VPN l IPsec VPN

l Client Certificate Support l X.509 Certificate Support l Elliptical Curve Certificate Support l Two-Factor Authentication

VPN l SSL VPN l IPsec VPN

l Client Certificate Support l X.509 Certificate Support l Elliptical Curve Certificate Support l Two-Factor Authentication

Logging l VPN, Antivirus, Web Security, and Update

Logging l View logs locally

Logging l VPN, Application Firewall, Antivirus, Web

Filter, Update, and Vulnerability Scan

Logging l View logs locally

  Network Access Compliance l Compliance l Define and enforce enterprise security policies when FortiClient used with FortiGate.
  Application Control l Application Firewall l Block Specific Application Traffic
  Vulnerability Management l Vulnerability Scan l Link to FortiGuard with information on the impact and recommended actions

l Receive remediation instructions for addressing endpoint vulnerabilities, including access to software patches

  Central Management l Centralized Client Management and monitoring

l Centralized configuration provisioning and deployment

  Central Logging l Upload logs to FortiAnalyzer or

FortiManager. FortiClient must connect to FortiGate or EMS to upload logs to FortiAnalyzer or FortiManager.

 

Fortinet product support for FortiClient

Standalone mode

In standalone mode, FortiClient is not connected to a FortiGate or EMS. In this mode, FortiClient is free both for private individuals and commercial businesses to use; no license is required. See Standalone FortiClient on page 24.

Support for FortiClient in standalone mode is provided on the Fortinet Forums (forum.fortinet.com). Phone support is not provided.

Managed mode

Companies with large installations of FortiClient usually need a means to manage their endpoints. EMS can be used to provision and centrally manage FortiClient endpoints, and FortiGate can be used with FortiClient endpoints for network security. Each FortiClient endpoint can register to a FortiGate or an EMS. In this mode, FortiClient licensing is applied to the FortiGate or EMS. No separate license is required on FortiClient itself. See Managed FortiClient on page 25.

FortiClient banner and modes

If FortiClient (full version or VPN only) is running in standalone mode and not connected to a FortiGate or EMS, a single banner at the bottom of the FortiClient console is displayed. When FortiClient is running in managed mode and connected to a FortiGate or EMS, the banner is hidden by default. Similarly, when you create a FortiClient installer by using FortiClient Configurator (Windows) or Repackager (OS X), no banner is displayed by default.

This entry was posted in FortiClient and tagged on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.