FortiClient discovery and registration
FortiOS provides, FortiHeartBeat, a means of allowing users running FortiClient Endpoint Control software to connect to specific interfaces when connecting to the FortiGate unit. As well as ensuring that remote or local users have FortiClient Endpoint Control software installed on their PC or mobile device.
You can configure a FortiGate interface as an interface that will accept FortiClient connections. When configured, the FortiGate unit sends broadcast messages which the FortiClient software running on an end user PC is listening for.
To enable the broadcast message
1. Go to System > Network > Interface.
2. Edit the interface to send the broadcast messages.
3. Select FortiHeartBeat.
4. In Admission Control, select Enforce FortiHeartBeat for all FortiClients.
5. Select OK.
Once enabled, the FortiGate unit broadcasts a discovery message that includes the IP address of the interface and listening port number to the local network. All PCs running FortiClient on that network listen for this discovery message.
You also have the option of including a registration key. When the FortiClient discovers the FortiGate unit, it is prompted to enter a registration key, defined by the administrator.
To add a registration key
1. Go to System > Config > Advanced.
2. Select Enable Registration Key for FortiClient, and enter the key.
3. Select Apply.
Ensure you distribute the key to the users that need to connect to the FortiGate unit.
On the end user side, if FortiClient has not been registered with the FortiGate unit, it is continually listening for the FortiGate discovery message. When this message is detected the un-registered client will pop-up a FortiGate Detected message. The user can choose to either register or ignore the message.
Clients that have registered with that FortiGate unit will not be listening for these messages and will not display the message again.
If you enabled the registration key, the user is prompted to enter the key before a connection can be completed.
There can be some confusion when discussing the compatibility of FortiClient with FortiGate. There is technical compatibility and licensing compatibility. FortiClient software may not be licence compatible with previous versions of FortiOS.
For instance, while FortiClient 5.2 software is technologically compatible with a FortiGate running FortiOS 5.0 firmware. A FortiGate running FortiOS 5.0 will not recognize the FortiClient 5.2 licence code. Depending on the restrictions of your particular situation, you can:
- Use FortiClient 5.2 without licensing
- Use FortiClient 5.0 with licensing
- Upgrade to FortiOS firmware 5.2
For more information on FortiGate registration, see the FortiClient Administration Guide.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!