Author Archives: Mike

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Appendix D – FortiClient Log Messages


Client Feature ID Level Format Description
AntiVirus 0x00017913 Warning Found malware by [AntiVirus scan|AntiVirus realtime protection] in [filesystem|email] This message is logged when a malware is found.
AntiVirus 0x00017914 Warning Found suspicious by [AntiVirus scan|AntiVirus realtime protection] in [filesystem|disk|email] This message is logged when a suspicious is found.
AntiVirus 0x00017915 Info User enabled Realtime AntiVirus protection Logged when someone enables Realtime AntiVirus.
AntiVirus 0x00017916 Warning User disabled Realtime AntiVirus protection Logged when someone disables Realtime AntiVirus.
AntiVirus 0x00017917 Info Communication error  
AntiVirus 0x00017918 Warning AntiVirus realtime protection killed malware process : [process name] A malware process killed a malware process.
AntiVirus 0x0001791d Info av_task scan is started This message is logged if AV scanning is started.
AntiVirus 0x0001791e Info av_task scan is stopped This message is logged if AV scanning is stopped.
AntiVirus 0x00017919 Info av_task scan thread is suspended This message is logged if AV scanning is paused.
AntiVirus 0x0001791a Info av_task scan thread is resumed This message is logged if AV scanning is resumed.
AntiVirus 0x0001791b Warning av_task killed suspicious process : <filename or process name> <filename or process name> is a suspicious process and has been terminated.
AntiVirus 0x0001791c Info Cannot start scan task  

 

AntiVirus 0x0001791f Error Scheduled scan failed: Path to file/folder no longer exists. Path not found.
AntiVirus 0x00017920 Warning AntiVirus scan was stopped by a user before it finished. The user specified stopped an AntiVirus scan
AntiVirus 0x00017921 Warning Failed to connect to FortiSandbox server. The sandbox server is unavailable
Webfilter 0x000178f4 Info User enabled Webfilter Logged when someone enables webfiltering.
Webfilter 0x000178f5 Warning User disabled Webfilter Logged when someone disables webfiltering.
Webfilter 0x000178f6 Warning user’s access to the url [action and reason] the action to the user’s access
Webfilter 0x000178f7 Info user’s access to the url [action and reason] the action to the user’s access
Webfilter 0x000178f8 Warning The Webfilter Violation report was cleared [user name] Logged when someone clears the webfilter violation report.
Webfilter 0x000178f9 Warning Unable to create proxy/webfilter communication socket. FortiClient will not be able to determine the FortiGuard rating of URLs.
Webfilter 0x000178fa Warning Unable to retrieve the webfilter UDP port number. FortiClient will not be able to determine the FortiGuard rating of URLs.
Webfilter 0x000178fb Warning status=warn [logged on user] temporarily disabled blocking of category [category id] ([category name]) to access [url] The user [logged on user] proceeded to the url [url] after acknowledging a warning message.
Application FireWall 0x00017980 Warning Firewall action  
Application FireWall 0x00017981 Info Firewall action
Application FireWall 0x00017982 Info User enabled Firewall User enabled Firewall

 

Application FireWall 0x00017983 Warning User disabled Firewall User disabled Firewall
Application FireWall 0x00017984 Warning The Application Firewall report was cleared Logged when someone clears the application firewall report.
Application FireWall 0x00017985 Warning The application firewall has been disabled because it’s driver could not be loaded Logged when application firewall driver could not be loaded with error 127 (The specified procedure could not be found).
IKE VPN 0x00017930 Info VPN tunnel status VPN tunnel status
IKE VPN 0x00017940 Info IKE phase1 authentication fail as peer’s certificate is not verified. IKE phase1 authentication fail as peer’s certificate is not verified.
IKE VPN 0x00017941 Info IKE phase1 authentication fail as the preshare key mismatch. IKE phase1 authentication fail as the preshare key mismatch.
IKE VPN 0x00017931 Warning No response from the peer  
IKE VPN 0x00017932 Warning No response from the peer
IKE VPN 0x00017933 Warning Received delete payload from peer check xauth password. Received delete payload from peer check xauth password.
IKE VPN 0x00017934 Error Failed to acquire an IP address. Failed to acquire an IP address for the virtual adapter.
IKE VPN 0x00017935 Error ike error  
IKE VPN 0x00017936 Info negotiation information
IKE VPN 0x00017937 Error negotiation error
IKE VPN 0x00017938 Error replayed packet detected (packet dropped)

 

IKE VPN 0x00017939 Info VPN user accept the banner and continue with the tunnel setup The VPN user accept the banner warning
IKE VPN 0x0001793a Info VPN user choose disconnect the tunnel or no response The VPN user reject the banner warning and disconnect the tunnel
IKE VPN 0x0001793b Info locip=<ip address> locport=<port number> remip=<ip address> remport=<port number> outif=<interface> vpntunnel=<tunnel name> action=install_sa  
IKE VPN 0x0001793c Info VPN before logon was enabled Logged when someone enables VPN before logon.
IKE VPN 0x0001793d Info VPN before logon was disabled Logged when someone disables VPN before logon.
IKE VPN 0x0001793e Error VPN cannot connect because an authorization rule failed. Logged when a VPN authorization rule failed.
IKE VPN 0x0001793f Warning A required application is not running. VPN cannot connect because the specified application is not running.
SSL VPN 0x00017958 Info SSLVPN tunnel status SSLVPN tunnel status
Wan Acceleration 0x00017a71 Info User enabled WAN Acceleration User enabled WAN Acceleration

Wan Acceleration 0x00017a70 Info User disabled WAN Acceleration User disabled WAN Acceleration
Wan Acceleration 0x0000b000 Error Network registry keys are missing When enumerating the network interface subkeys
Wan Acceleration 0x0000b001 Error Network adapter is missing a description When enumerating the network interfaces
Wan Acceleration 0x0000b002 Error Error opening redirector device Wan acceleration will not function.
Wan Acceleration 0x0000b003 Info WAN Acceleration was enabled by [user name] Logged when someone enables WAN Acceleration.

 

Wan Acceleration 0x0000b004 Info WAN Acceleration was disabled by [user name] Logged when someone disables WAN Acceleration.
Vulnerability Scan 0x00017908 Info The vulnerability scan status has changed A vulnerability scan status change
Vulnerability Scan 0x00017909 Info A vulnerability scan result has been logged A Vulnerability scan result log
Vulnerability Scan 0x0001790a Info Remediating vulnerability The details of the vulnerability being remediated is described by the log fields
EndPoint Control 0x00017ab6 Info upload logs
EndPoint Control 0x00017ab7 Info Endpoint control policy synchronization was enabled Logged when someone enables Endpoint control policy synchronization.
EndPoint Control 0x00017ab8 Warning Endpoint control policy synchronization was disabled Logged when someone disables Endpoint control policy synchronization.
EndPoint Control 0x00017ab9 Info Endpoint Control Status changed to [status] Endpoint Control Status Changed
EndPoint Control 0x00017aba Warning OffNet configuration version [version] doesn’t match FortiGate configuration version [version] OffNet configuration version doesn’t match FortiGate configuration version
EndPoint Control 0x00017abb Info Endpoint Control Registration Status changed to [status] with FGT [serial]
EndPoint Control 0x00017abc Info Endpoint Quarantine Status changed to [status] Endpoint Quarantine Status Changed
Update 0x00017a2a Info Customer initiated a software update request. Logged when a user presses the gui’s update button.
Update 0x00017a37 Info Checking for updates. Checking for updates.
Update 0x00017a2c Info Update allowed only if you have a valid license Update allowed only if you have a valid license

 

Update 0x00017a38 Info Software update started. Software update started.
Update 0x00017a2d Info Software updates are disabled. Software updates from FortiGuard have been disabled.
Update 0x00017a2e Info Software updates from FortiGuard have been disabled because this client is managed. Software updates from FortiGuard have been disabled.
Update 0x00017a2f Info Software updates require administrative privileges. The user does not have sufficient privileges to perform software updates.
Update 0x00017a30 Info Software update successful. Software update successful.
Update 0x00017a31 Info Software update failed. Software update failed.
Update 0x00017a32 Info Unable to perform software update. Registry does not contain image id to download. The image id that is expected to be in the registry is missing.
Update 0x00017a33 Info Update <module description> successful  
Update 0x0001798a Info Update success Update was successful.
Update 0x00017a34 Error Unable to load AV engine Failed to load the av engine
Update 0x00017a35 Error Error patching AV signature. Error patching AV signature.
Update 0x00017a36 Error Unable to load FASLE engine Unable to load FASLE engine
Update 0x00017a39 Info Update successful  
Scheduler 0x00017a20 Info Forcefully kill a child process after grace period expires A scheduler owned child process failed to stop when instructed to do so

 

Scheduler 0x00017a21 Error The scheduler cannot start the scheduled task because the task’s license is expired. The scheduler cannot start the scheduled task because the task’s license is expired.
Scheduler 0x00017a68 Info FortiClient is starting up FortiClient is starting up
Scheduler 0x00017a69 Info %s is shutting down FortiClient is shutting down
FortiProxy 0x00017a49 Info Fortiproxy is enabled Fortiproxy is enabled
FortiProxy 0x00017a48 Warning Fortiproxy is disabled Fortiproxy is disabled
FortiShield 0x00017a53 Info FortiShield is enabled FortiShield is enabled
FortiShield 0x00017a52 Warning FortiShield is disabled FortiShield is disabled
FortiShield 0x00017a54 Info The console was locked The console password was locked.
FortiShield 0x00017a55 Warning The console was unlocked The console password was unlocked.
FortiShield 0x00017a56 Warning The console password was removed The console password was removed.
FortiShield 0x00017a57 Warning FortiShield blocked application: [application path] from modifying: [file or registry path] FortiShield has prevented an application from modifying a file or registry setting protected by FortiClient.
Application Database 0x0000d001 Error <context> <file reference> db error – creating new database. A critical error occurred. The application database will not work. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.

 

Application Database 0x0000d003 Error <context> <file reference> db error – BIND command. A critical error occurred. The application database will not work. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d004 Error <context> <file reference> db error – opening database. A critical error occurred. The application database is not present. An attempt to automatically regenerate it will occur. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d005 Error <context> <file reference> db error – preparing sql statement. The sql statement used is invalid. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d006 Error <context> <file reference> db error – unable to find fingerprint. The fingerprint does not exist in the database. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d007 Error <context> <file reference> db error – invalid md5. The parameter supplied is not an MD5. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.

 

Application Database 0x0000d008 Error <context> <file reference> db error – row not found. The requested row does not exist. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d00a Error <context> <file reference> Can’t open file. The file cannot be opened. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d00b Error <context> <file reference> Unable to extract vendor id. The file is not digitally signed
Application Database 0x0000d00e Error <context> <file reference> Can’t access file because of sharing violation. Can’t access file because of sharing violation. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d00f Error <context> <file reference> Can’t open driver. Can’t open the apd driver. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d010 Error <context> <file reference> Can’t start driver. Can’t start the apd driver. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d011 Error <context> <file reference> Driver io error. APD driver io error. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.

 

Application Database 0x0000d016 Error <context> <file reference> Server-side pipe error. A communication error occurred. It is probably temporary. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d017 Error <context> <file reference> Pipe server initialization error. A communication initialization error occurred. It is probably temporary. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d018 Error <context> <file reference> Pipe server creation error. A communication initialization error occurred. It is probably temporary. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d019 Error <context> <file reference> Unable to bypass fortishield. Failed to bypass self-protection. The daemon might not function normally after this. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d01a Error <context> <file reference> Invalid arguments. Invalid command line options supplied. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.

 

Application Database 0x0000d01c Error <context> <file reference> Unable to allocate memory for vendor id cache. Low memory. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d01d Error <context> <file reference> Vendor id cache not initialized. This is probably temporary. An attempt will be made later to read/write to the cache. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d01e Error <context> <file reference> Unable to open vendor id cache shared memory. Application detection will not be functioning normally. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Application Database 0x0000d01f Error <context> <file reference> Unable to open mutex to access vendor id shared memory. Application detection will not be functioning normally. <context> is the service that generated the log. <file reference> is optional and describes the file that was being accessed when the log was generated.
Config Import/Export 0x00017a5c Info A configuration file is exported to [location] Logged when someone exports a config file.
Config Import/Export 0x00017a5d Info A configuration file is imported from [location] Logged when someone imports a config file.
Config Import/Export 0x00017a72 Info Policy ‘[name]’ was received and applied Logged when push configuration is received.
Single SignOn Mobility Agent 0x00017ad4 Info Single Sign-On event Single Sign-On event.

 

Single SignOn Mobility Agent 0x00017ad5 Info Single Sign-On Mobility Agent was enabled Logged when someone enables Single Sign-On Mobility Agent.
Single SignOn Mobility Agent 0x00017ad6 Warning Single Sign-On Mobility Agent was disabled Logged when someone disables Single Sign-On Mobility Agent.
Single SignOn Mobility Agent 0x00017ad7 Info Single Sign-On Mobility Agent is starting…
Single SignOn Mobility Agent 0x00017ad8 Info Single Sign-On Mobility Agent is stopping…
UI 0x00017a66 Warning Logs were cleared Logged when logs are cleared.
UI 0x00017a67 Info Alerts were cleared Logged when alerts are cleared by a user.
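
Several of the Warning-level IDs in this table record a user switching a protection off or clearing a log or report, and those are worth correlating per endpoint. The following is an added example, not code from Fortinet or from the original post: it flags a host where a "cleared" event follows a "disabled" event within a time window. The IDs and their meanings come from the table above; the one-line-per-event input format (`timestamp host=... id=...`), the sample lines, the 30-minute window and all function names are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# IDs and meanings copied from the FortiClient log message table above.
PROTECTION_DISABLED = {
    0x00017916: "Realtime AntiVirus protection disabled",
    0x000178F5: "Webfilter disabled",
    0x00017983: "Firewall disabled",
    0x00017AB8: "Endpoint control policy synchronization disabled",
    0x00017A48: "FortiProxy disabled",
    0x00017A52: "FortiShield disabled",
    0x00017A56: "Console password removed",
}
EVIDENCE_CLEARED = {
    0x00017A66: "Logs cleared",
    0x000178F8: "Webfilter violation report cleared",
    0x00017984: "Application Firewall report cleared",
}

# Constructed sample input. The line layout is an assumption for this example,
# not FortiClient's own export format.
SAMPLE_LINES = """\
2016-08-01T09:00:00 host=WS-014 id=0x00017a68
2016-08-01T09:12:10 host=WS-014 id=0x00017916
2016-08-01T09:12:40 host=WS-014 id=0x00017983
2016-08-01T09:20:05 host=WS-014 id=0x00017a66
2016-08-01T09:25:00 host=WS-022 id=0x00017a66
2016-08-01T11:00:00 host=WS-031 id=0x000178f5
2016-08-01T13:30:00 host=WS-031 id=0x000178f8
this line is truncated id=
""".splitlines()


def parse_line(line):
    """Return (timestamp, host, event_id) or None if the line is malformed."""
    try:
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        return datetime.fromisoformat(ts), fields["host"], int(fields["id"], 16)
    except (ValueError, KeyError):
        return None


def find_tamper_sequences(lines, window=timedelta(minutes=30)):
    """Flag hosts where a log/report was cleared shortly after protection was disabled."""
    events = sorted(e for e in map(parse_line, lines) if e)
    disabled = defaultdict(list)  # host -> [(timestamp, event_id)]
    alerts = []
    for ts, host, event_id in events:
        if event_id in PROTECTION_DISABLED:
            disabled[host].append((ts, event_id))
        elif event_id in EVIDENCE_CLEARED:
            hits = [(t, i) for t, i in disabled[host] if ts - t <= window]
            if hits:
                alerts.append({
                    "host": host,
                    "time": ts,
                    "cleared": EVIDENCE_CLEARED[event_id],
                    "disabled": [PROTECTION_DISABLED[i] for _, i in hits],
                })
    return alerts


if __name__ == "__main__":
    for alert in find_tamper_sequences(SAMPLE_LINES):
        print(alert["host"], alert["time"].isoformat(), alert["cleared"],
              "after", ", ".join(alert["disabled"]))
```

In the sample, WS-022 clears logs with no preceding disable event and WS-031 clears a report two and a half hours after disabling Webfilter, so neither is flagged at the 30-minute window.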

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Read The Damn Release Notes

I made a post about this on our forums (first post on the forums actually haha) but decided I needed to make a front page post. Please save yourselves the heartache and grief and just read the damn release notes before you upgrade firmware versions. Technician friend of mine apparently doesn’t like reading too much. Either way, he took a firewall straight to 5.4.1 from an unsupported firmware upgrade path. Yeah, I know, 5.4.1, too early for production, I get that….but the issues he is experiencing are due to his lack of release note reading.

 

So PLEASE save yourself the trouble and pain and just read and follow the release notes!



Appendix C – Rebrand FortiClient


The FortiClient Configurator can be used to create custom FortiClient MSI installers with various combinations. The customized MSI installer generated may be used to install FortiClient on all supported platforms using Active Directory. A FortiClient setup executable file is also generated for manual distribution.

Under Options, you can select to enable software updates, configure the single sign-on mobility agent, and rebrand FortiClient. Rebranding allows you to edit various UI elements including graphics.

When replacing files in the resource folder, the replacement file should be the same file type and dimensions. Icons (.ico) are a special case. The Main_icon.ico file for example, is a composite file of multiple icons. The operating system picks the appropriate icon size from this file for the context in which the icon is being displayed.

Rebranding elements:

Installer Product Name Where Used: Setup Wizard header and body, File directory name in Installer Company Name file folder, engine/signature update bubble messages.

Default Value: FortiClient

Installer Company Name Where Used: File directory name in Program Files.

Default Value: Fortinet

Manufacturer Name Where Used:

Default Value: Fortinet Inc

Shortcut Text Where Used: Name of shortcut on desktop

Default Value: FortiClient

Product Name Where Used: Name of installer file (.msi/.mst), UI header, configuration received from FortiGate bubble messages

Default Value: FortiClient

Product Name Text Where Used: Name of client in main page

Default Value: FortiClient

Company Where Used: Help > About > Copyright page

Default Value: Fortinet

Company WebSite URL Where Used: Help > About > Copyright page

Default Value: http://www.fortinet.com

Company Website Text Where Used: Help > About > Copyright page

Default Value: www.fortinet.com

Feedback Email Where Used: Help > About > Copyright page, Send Feedback

Default Value: forticlient-feedback@fortinet.com

Feedback Email Text Where Used: Help > About > Copyright page, Send Feedback

Default Value: forticlient-feedback@fortinet.com

EULA Where Used: Help > About > Copyright page, Click here to view the license agreement

Default Value: http://www.fortinet.com/doc/legal/EULA.pdf

Knowledge Base Text Where Used: Help menu option

Default Value: Fortinet Knowledge Base

Leave this field blank to omit the field in the console.

Knowledge Base Link Where used: Link used by Knowledge Base text

Default value: http://kb.fortinet.com

Leave this field blank to omit the field in the console.

Advertisement 1 Where used: Link used by dashboard banner advertisement 1

Default value: http://www.forticlient.com/video/001

Advertisement 2 Where used: Link used by dashboard banner advertisement 2

Default value: http://www.forticlient.com/video/002

Advertisement 3 Where used: Link used by dashboard banner advertisement 3

Default value: http://www.forticlient.com/video/003

Resources folder elements:


About_red_shield_logo.png Where Used:

File Type: PNG File (.png)

Width: 43 pixels

Height: 43 pixels

Bit Depth: 32

Advertisement_ad_0.png Where Used: Dashboard advertisement banner

File Type: PNG File (.png)

Width: 628 pixels

Height: 66 pixels

Bit Depth: 32

Advertisement_ad_1.png Where Used: Dashboard advertisement banner

File Type: PNG File (.png)

Width: 628 pixels

Height: 66 pixels

Bit Depth: 32

Advertisement_ad_2.png Where Used: Dashboard advertisement banner

File Type: PNG File (.png)

Width: 628 pixels

Height: 66 pixels

Bit Depth: 32

Antivirus_AV_scan_top_banner_left_hand_side.png Where Used:

File Type: BMP File (.bmp)

Width: 1 pixel

Height: 40 pixels

Bit Depth: 8

Antivirus_AV_scan_top_banner_right_hand_side.png Where Used: Banner used in right-click “scan with product name” dialog box

File Type: BMP File (.bmp)

Width: 440 pixels

Height: 40 pixels

Bit Depth: 8

Common_fgt-not-found-page-bg.png Where Used: FortiGate not found page

File Type: PNG File (.png)

Width: 673 pixels

Height: 189 pixels

Bit Depth: 32

Common_fortinet-icon.png Where Used:

File Type: PNG File (.png)

Width: 79 pixels

Height: 79 pixels

Bit Depth: 32

 

Common_registration_icon.png Where Used: FortiGate detected page

File Type: PNG File (.png)

Width: 85 pixels

Height: 85 pixels

Bit Depth: 32

Common_searching-page-bg.png Where Used: Searching for FortiGate page

File Type: PNG File (.png)

Width: 673 pixels

Height: 189 pixels

Bit Depth: 32

Dashboard_forticlient_v5_dashboard_bg.png Where Used: Client console

File Type: PNG File (.png)

Width: 628 pixels

Height: 451 pixels

Bit Depth: 32

Dashboard_warning-shield.png Where Used: Dashboard warning shield, displayed when antivirus is disabled.

File Type: PNG File (.png)

Width: 59 pixels

Height: 75 pixels

Bit Depth: 32

Installer_background.bmp Where used: Setup Wizard background image.

File Type: BMP file (.bmp)

Width: 491 pixels

Height: 312 pixels

Bit Depth: 8

Installer_banner.bmp Where Used: Setup Wizard banner image on destination page, ready to install page, installing pages.

File Type: BMP file (.bmp)

Width: 491 pixels

Height: 58 pixels

Bit Depth: 8

LightInstaller_icon.ico Where Used: Light Installer Icon

File Type: ICO File (.ico)

Width: 32 pixels

Height: 32 pixels

Bit Depth: 32

Main_icon.ico Where Used: Shortcut on desktop

File Type: ICO file (.ico)

Width: 48 pixels

Height: 48 pixels

Bit Depth: 32


Main_logo_black.ico Where Used: Client console header

File Type: ICO file (.ico)

Width: 32 pixels

Height: 32 pixels

Bit Depth: 32

setup.ico Where Used: Setup icon

File Type: ICO File (.ico)

Width: 256 pixels

Height: 256 pixels

Bit Depth: 32

Tray_Icons_alert.ico Where Used: System tray alert icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_alert_vpn.ico Where Used: System tray VPN alert icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_running.ico Where Used: System tray running icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_scan1.ico, Tray_Icons_scan2.ico, Tray_Icons_scan3.ico, Tray_Icons_scan4.ico, Tray_Icons_scan5.ico, Tray_Icons_scan6.ico, Tray_Icons_scan7.ico, Tray_Icons_scan8.ico, Tray_Icons_scan9.ico, Tray_Icons_scan10.ico, Tray_Icons_scan11.ico Where Used: System tray, these eleven images animate the scanning activity of the tray icon.

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_vpn.ico Where Used: System tray VPN icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

VPN_xauth-dialog-logo.png Where Used: VPN xAuth dialog logo

File Type: PNG File (.png)

Width: 88 pixels

Height: 100 pixels

Bit Depth: 32

zzz_rebranding.ini Where Used: This file is used by the FortiClient Configurator tool for element/resource mapping.

File Type: Configuration settings (.ini)

When rebranding FortiClient, you can select to digitally sign the installer package using a code signing certificate.
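
The rule that a replacement resource must keep the same file type and dimensions can be checked from the file headers before the installer is built and signed. The following is an added example, not part of the FortiClient Configurator or the original post: it reads the PNG, BMP or ICO header and compares it with values from the resources list above, accepting a composite .ico when any of its contained images matches. It assumes the listed "Bit Depth" means bits per pixel; the function names are hypothetical and the sample files are headers constructed in memory.

```python
import struct

# Expected (type, width, height, bits per pixel), copied from the resources list above.
EXPECTED = {
    "Advertisement_ad_0.png": ("png", 628, 66, 32),
    "Installer_banner.bmp": ("bmp", 491, 58, 8),
    "Tray_Icons_alert.ico": ("ico", 16, 16, 32),
}

PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # PNG colour type -> channel count


def probe(data):
    """Return every (type, width, height, bits_per_pixel) image described by the header."""
    if data[:8] == PNG_SIG and data[12:16] == b"IHDR":
        w, h, depth, ctype = struct.unpack(">IIBB", data[16:26])
        return [("png", w, h, depth * PNG_CHANNELS[ctype])]
    if data[:2] == b"BM":
        w, h, _planes, bpp = struct.unpack("<iiHH", data[18:30])
        return [("bmp", w, abs(h), bpp)]  # negative height means top-down rows
    if data[:4] == b"\x00\x00\x01\x00":
        (count,) = struct.unpack("<H", data[4:6])
        images = []
        for i in range(count):
            entry = data[6 + 16 * i: 14 + 16 * i]
            w, h, _colors, _rsvd, _planes, bpp = struct.unpack("<BBBBHH", entry)
            images.append(("ico", w or 256, h or 256, bpp))  # 0 encodes 256
        return images
    raise ValueError("not a PNG, BMP or ICO file")


def check_replacement(name, data):
    """Return a list of problems; an empty list means the file matches the table."""
    expected = EXPECTED[name]
    try:
        images = probe(data)
    except (ValueError, KeyError, struct.error) as exc:
        return [f"{name}: unreadable header ({exc})"]
    if expected in images:
        return []
    found = ", ".join(f"{k} {w}x{h}@{b}" for k, w, h, b in images) or "no images"
    kind, w, h, b = expected
    return [f"{name}: expected {kind} {w}x{h}@{b}, found {found}"]


# Constructed headers used as sample input (no pixel data is needed for the check).
def fake_png(w, h, depth=8, ctype=6):
    return PNG_SIG + struct.pack(">I4sIIBBBBB", 13, b"IHDR", w, h, depth, ctype, 0, 0, 0)


def fake_bmp(w, h, bpp):
    return (b"BM" + struct.pack("<IHHI", 0, 0, 0, 54)
            + struct.pack("<IiiHH", 40, w, h, 1, bpp))


def fake_ico(sizes, bpp=32):
    entries = b"".join(
        struct.pack("<BBBBHHII", s % 256, s % 256, 0, 0, 1, bpp, 0, 0) for s in sizes)
    return struct.pack("<HHH", 0, 1, len(sizes)) + entries


if __name__ == "__main__":
    print(check_replacement("Advertisement_ad_0.png", fake_png(628, 66)))
    print(check_replacement("Installer_banner.bmp", fake_png(491, 58)))
    print(check_replacement("Tray_Icons_alert.ico", fake_ico([48, 32, 16])))
```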

 



Fortinet GURU Forums Launched

I have officially launched the Fortinet GURU Forums. There is no cool custom template yet. Just placed our logo on the basic forum design. I will be tweaking it as I have time to play with it and figure out what I like. In the meantime, this is an awesome way for the Fortinet community to enjoy great conversation and discuss tips, tricks, guides, and issues that one another are experiencing!

Hope to see you guys there!



Appendix B – FortiClient API


You can operate FortiClient VPNs using the COM-based FortiClient API. The API can be used with IPsec VPN only. SSL VPN is currently not supported. This chapter contains the following sections:

  • Overview
  • API reference

Overview

The FortiClient COM library provides functionality to:

  • Retrieve a list of the VPN tunnels configured in the FortiClient application.
  • Start and stop any of the configured VPN tunnels.
  • Send XAuth credentials.
  • Retrieve status information:
    • configured tunnel list
    • active tunnel name
    • connected or not
    • idle or not
    • remaining key life
  • Respond to FortiClient-related events:
    • VPN connect
    • VPN disconnect
    • VPN is idle
    • XAuth authentication requested

For more information, see the vpn_com_examples ZIP file located in the VPN Automation file folder in the FortiClientTools file.

API reference

The following tables provide API reference values.

Disconnect(bstrTunnelName As String) Close the named VPN tunnel.
GetPolicy(pbAV As Boolean, pbAS As Boolean, pbFW As Boolean, pbWF As Boolean) Command is deprecated in FortiClient v5.0.
GetRemainingKeyLife(bstrTunnelName As String, pSecs As Long, pKBytes As Long) Retrieve the remaining key life for the named connection. Whether keylife time (pSecs) or data (pKBytes) are significant depends on the detailed settings in the FortiClient application.
MakeSystemPolicyCompliant() Command is deprecated in FortiClient v5.0.
SendXAuthResponse(tunnelName As String, userName As String, password As String, savePassword As Boolean) Send XAuth credentials for the named connection: user name, password, and True if the password should be saved.
SetPolicy(bAV As Boolean, bAS As Boolean, bFW As Boolean, bWF As Boolean) Command is deprecated in FortiClient v5.0.
GetTunnelList() Retrieve the list of all connections configured in the FortiClient application.
IsConnected(bstrTunnelName As String) As Boolean Return True if the named connection is up.
IsIdle(bstrTunnelName As String) As Boolean Return True if the named connection is idle.
OnDisconnect(bstrTunnelName As String) Connection disconnected.
OnIdle(bstrTunnelName As String) Connection idle.
OnOutOfCompliance(bAV As Boolean, bAS As Boolean, bFW As Boolean, bWF As Boolean) Command is deprecated in FortiClient v5.0.
OnXAuthRequest(bstrTunnelName As String) The VPN peer on the named connection requests XAuth authentication.


Appendix A – Deployment Scenarios


Basic FortiClient profile

In this scenario, you want to configure a FortiClient profile by using the FortiGate GUI. When clients connect FortiClient Telemetry to FortiGate, they will receive the settings configured in the FortiClient profile. You can configure the default profile, or create a new profile. When creating a new profile, you have additional options to specify device groups, user groups, and users.

Create a basic FortiClient profile:

  1. In the FortiGate GUI, go to Security Profiles > FortiClient Profiles. You can either select the default FortiClient profile or select Create New in the toolbar. The Edit Endpoint Profile page opens.

The default FortiClient profile does not include the Assign Profile To setting.

  2. Set the profile settings as required, and click OK.

Advanced FortiClient profile

In this scenario, you have created a custom XML configuration file. The custom file includes all settings required by the client at the time of deployment. When FortiClient connects Telemetry to FortiGate or EMS, you want to ensure that the client receives the full XML configuration. For future configuration changes, you can edit the XML in the profile by using EMS.

To reduce the size of the FortiClient XML configuration file, you can delete all help text found within the <!-- .... --> comment tags.

Create an advanced FortiClient profile with the full XML configuration provisioned:

  1. In EMS, go to Endpoint Profiles > Add a new profile.
  2. Select Advanced.
  3. (Optional) On the Install tab, select a FortiClient installer.
  4. On the Configuration tab, overwrite the XML by pasting the XML from your custom XML configuration file into the pane.
    1. Open the FortiClient XML configuration file in a source code editor.
    2. Copy the FortiClient XML.
    3. Paste the FortiClient XML into the Configuration tab.
  5. Click Save.

 


Use Active Directory Groups

Some organizations may choose to deploy different FortiClient profiles to different user groups. FortiGate and EMS are able to send different FortiClient profiles based on the AD group of the user. This requires use of the FortiAuthenticator.

No special configuration is required on FortiClient.

Monitor connected users

Administrators can monitor managed FortiClient users. When the client successfully connects FortiClient Telemetry to the FortiGate/EMS, the client can be monitored on the FortiGate/EMS.

In the FortiGate GUI, all connected clients can be observed on the Monitor > FortiClient Monitor page.

Either of the following FortiGate CLI commands will list all connected clients:

  • diagnose endpoint registration list, or
  • diagnose endpoint record-list.

In the EMS, connected clients can be observed on the Workgroups page.

Customize FortiClient using XML settings

FortiClient configurations can be customized at the XML level. For more information, see the FortiClient XML Reference.


Silent connection

You may want to configure FortiClient to silently connect to FortiGate without any user interaction. When configured, the user will not be prompted to connect to a FortiGate. The <silent_registration> tag is intended to be used with the <disable_unregister> tag. For more information, see Disable disconnect below. The following XML elements can be used to enable this:

<forticlient_configuration>
  <endpoint_control>
    <silent_registration>1</silent_registration>
  </endpoint_control>
</forticlient_configuration>

Locked FortiClient settings

End users with administrator permission on their Windows system have access to the FortiClient settings page. If this is not desired, the page can be locked with a password from the FortiGate. The following FortiOS CLI command, when included, requires any client connected to the FortiGate to provide the password before the settings page can be accessed.

config endpoint-control profile
  edit "fmgr"
    config forticlient-winmac-settings
      …
      set forticlient-settings-lock enable
      set forticlient-settings-lock-passwd <password>
      …
    end
  next
end

Disable disconnect

With silent endpoint control connection enabled, a user could disconnect after FortiClient has connected to the FortiGate. The capability to disconnect can be disabled using the following XML element:

<forticlient_configuration>
  <endpoint_control>
    <disable_unregister>1</disable_unregister>
  </endpoint_control>
</forticlient_configuration>

Put it together

Here is a sample complete FortiClient 5.4.1 XML configuration file with the capabilities discussed above:

<forticlient_configuration>
  <partial_configuration>1</partial_configuration>
  <endpoint_control>
    <enabled>1</enabled>
    <disable_unregister>1</disable_unregister>
    <silent_registration>1</silent_registration>
    <fortigates>
      <fortigate>
        <serial_number />
        <name />
        <registration_password>un9r3Ak@b!e</registration_password>
        <addresses>newyork.example.com</addresses>
      </fortigate>
    </fortigates>
  </endpoint_control>
</forticlient_configuration>

The FortiGate to connect to is listed in the <fortigates> element. The <registration_password> element is required if the endpoint control configuration on the FortiOS requires one. This can be exported as an encrypted file from a connected FortiClient.

The configuration provided above is not the full FortiClient configuration file. Thus, the <partial_configuration> element is set to 1.
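A configuration file can be checked for the settings described in this appendix before it is pasted into a profile. The following Python code is an added example, not part of the Fortinet documentation; the function names are hypothetical, and the sample file is constructed from the snippets above with a placeholder password.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's snippets; the password is a placeholder.
SAMPLE = """<forticlient_configuration>
  <!-- help text: can be deleted to shrink the file -->
  <partial_configuration>1</partial_configuration>
  <endpoint_control>
    <enabled>1</enabled>
    <silent_registration>1</silent_registration>
    <fortigates>
      <fortigate>
        <registration_password>PLACEHOLDER-PASSWORD</registration_password>
        <addresses>newyork.example.com</addresses>
      </fortigate>
    </fortigates>
  </endpoint_control>
</forticlient_configuration>"""


def strip_help_comments(xml_text):
    """Delete <!-- ... --> help text to reduce the file size."""
    return re.sub(r"<!--.*?-->\s*", "", xml_text, flags=re.DOTALL)


def audit(xml_text):
    """Return findings for the endpoint_control settings the page covers."""
    # Meant for the administrator's own file; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    ec = root.find("endpoint_control")
    if ec is None:
        return ["no <endpoint_control> element"]

    def is_on(parent, tag):
        return (parent.findtext(tag) or "").strip() == "1"

    findings = []
    if is_on(ec, "silent_registration") and not is_on(ec, "disable_unregister"):
        findings.append("silent_registration without disable_unregister: user can disconnect")
    if not is_on(root, "partial_configuration"):
        findings.append("partial_configuration is not 1: confirm this is a full configuration file")
    gates = ec.findall("fortigates/fortigate")
    if not any((g.findtext("addresses") or "").strip() for g in gates):
        findings.append("no FortiGate address listed under <fortigates>")
    if any((g.findtext("registration_password") or "").strip() for g in gates):
        findings.append("registration_password present: handle the file as a secret")
    return findings
```

Running audit(strip_help_comments(SAMPLE)) reports the missing <disable_unregister> element and the embedded registration password.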

 



Custom FortiClient Installations


The FortiClient Configurator tool is the recommended method of creating customized FortiClient installation files.

You can also customize which modules are displayed in the FortiClient dashboard in the FortiClient profile. This will allow you to activate any of the modules at a later date without needing to re-install FortiClient. Any changes made to the FortiClient profile are pushed to connected clients.

When creating VPN only installation files, you cannot enable other modules in the FortiClient profile as only the VPN module is installed.

When deploying a custom FortiClient XML configuration, use the advanced profile options in FortiClient EMS to ensure the profile settings do not overwrite your custom XML settings. For more information, see the FortiClient XML Reference and the FortiClient EMS Administration Guide.

The FortiClient Configurator tool is included with the FortiClient Tools file in FortiClient 5.4.1. This file is only available on the Customer Service & Support portal and is located in the same file directory as the FortiClient images.

The Configurator tool requires activation with a license file. Ensure that you have completed the following steps prior to logging in to your FortiCare product web portal:

  • Purchased FortiClient Registration License
  • Activated the FortiClient license on a FortiGate

This video explains how to purchase and apply a FortiClient License: http://www.youtube.com/watch?feature=player_embedded&v=sIkWaUXK0Ok

This chapter contains the following sections:

  • Download the license file
  • Prepare configuration files
  • Create a custom installer
  • Custom installation packages
  • Advanced FortiClient profiles

Download the license file

To retrieve your license file:

  1. Go to https://support.fortinet.com and log in to your FortiCare account.
  2. Under Asset select Manage/View Products. Select the FortiGate device that has the FortiClient registration license activated. You will see the Get the Key File link in the Available Key(s)
  3. Click the link and download the license file to your management computer. This file will be needed each time you use the FortiClient Configurator tool.



Diagnostic Tool


You can access the FortiClient Diagnostic Tool from the FortiClient console. Go to Help > About.

You can use the FortiClient Diagnostic tool to generate a debug report, and then provide the debug report to the FortiClient team to help with troubleshooting. For example, if you are working with customer support on a problem, you can generate a debug report, and email the report to customer support to help with troubleshooting.

To generate debug reports:

  1. Go to Help > About.
  2. Click the Generate Debug Report icon in the top-right corner. The FortiClient Diagnostic Tool dialog box is displayed.
  3. Click Run Tool.

A window is displayed that provides status information.

  4. (Optional) When prompted, launch and disconnect the VPN tunnels for which you want to collect information. A Diagnostic_Result file is created and displayed in a folder on the endpoint device. The default folder location is C:\Users\<username>\AppData\Local\Temp\.
  5. Click Close.
