What’s New in FortiClient 5.4

Provisioning FortiClient

FortiClient can be installed on a standalone computer using the installation wizard or deployed to multiple Microsoft Windows systems using Microsoft Active Directory (AD) or the Microsoft System Center 2012 Configuration Manager (SCCM).

This chapter contains the following sections:

l Standard FortiClient installation l Install FortiClient on an infected system l Install FortiClient as part of a cloned disk image l Deploy FortiClient using Microsoft Active Directory server l Deploy FortiClient using Microsoft SCCM 2012

For information on customizing your FortiClient installation, see Custom FortiClient Installations.

Standard FortiClient installation

The following section describes installing FortiClient to a standalone Microsoft Windows and Apple Mac computer.

Download the FortiClient installation files

The FortiClient installation files can be downloaded from the following sites:

Requires a support account with a valid support contract. Download either the Microsoft Windows (32-bit/64bit) or the Mac OS X online installation file.

Download the FortiClient online installation file. The installer file performs a virus and malware scan of the target system prior to installing FortiClient.

Download the FortiClient online installation file. On this page you can download the latest version of FortiClient for Microsoft Windows and Mac OS X, and link to the iOS, and Android versions.

In FortiOS 5.0.1 and later, you can download the FortiClient installation files in the FortiGate dashboard. Go to

System > Dashboard > Status, in the License Information widget select Mac or Windows to download the

FortiClient Online Installer file.

Install FortiClient on a Microsoft Windows computer

The following instructions will guide you though the installation of FortiClient on a Microsoft Windows computer. For more information, see the FortiClient (Windows)Release Notes.

When installing FortiClient, it is recommended to use the FortiClientOnlineInstaller file. This file will launch the FortiClient Virus Cleaner which will scan the target system prior to installing the FortiClient application.

Standard FortiClient installation

To check the digital signature of FortiClient, right-click on the installation file and select Properties. In this menu you can set file attributes, run the compatibility troubleshooter, view the digital signature and certificate, install the certificate, set file permissions, and view file details.

To install FortiClient (Windows):

  1. Double-click the FortiClient executable file to launch the setup wizard. The Setup Wizard will launch on your computer. When using the FortiClient Online Installer file, the FortiClient Virus Cleaner will run before launching the Setup Wizard.

If a virus is found that prevents the infected system from downloading the new FortiClient package, see Install FortiClient on an infected system on page 25.

  1. In the Welcome screen, read the license agreement, select the checkbox, and select Next to continue. You have the option to print the EULA in this License Agreement The Choose Setup Type screen is displayed.
  2. Select one of the following setup types:
    • Complete: All Endpoint Security and VPN components will be installed.
    • VPN Only: Only VPN components (IPsec and SSL) will be installed.
  3. Select Next to continue. The Destination Folder screen is displayed.
  4. Select Change to choose an alternate folder destination for installation.

Standard FortiClient installation

  1. Select Next to continue.

FortiClient will search the target system for other installed antivirus software. If found, FortiClient will display the Conflicting Antivirus Software page. You can either exit the current installation and uninstall the antivirus software, disable the antivirus feature of the conflicting software, or continue with the installation with FortiClient real-time protection disabled.

  1. Select Install to begin the installation.
  2. Select Finish to exit the FortiClient Setup Wizard.

On a new FortiClient installation, you do not need to reboot your system. When upgrading the FortiClient version, you must restart your system for the configuration changes made to FortiClient to take effect. Select Yes to restart your system now, or select No to manually restart later.

FortiClient will update signatures and components from the FortiGuard Distribution Network (FDN).

  1. If the FortiGate/EMS on the network is broadcasting discovery messages, FortiClient will attempt to register to the FortiGate.

If the FortiGate is not broadcasting discovery messages, select the RegisterEndpoint button in the FortiClient header, specify the address of the FortiGate in the text field, and select the Go icon.

  1. To launch FortiClient, double-click the desktop shortcut icon.

Install FortiClient on a Microsoft Server

You can install FortiClient on a Microsoft Windows Server 2008 R2, 2012, or 2012 R2 server. You can use the regular FortiClient Windows image for Server installations.

Please refer to the Microsoft knowledge base for caveats on installing antivirus software in a server environment. See the Microsoft Anti-Virus exclusion list: http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virusexclusion-list.aspx

 

Install                       on an infected system

Install FortiClient on a Mac OS X computer

The following instructions will guide you though the installation of FortiClient on a Mac OS X computer. For more information, see the FortiClient (Mac OS X)Release Notes.

To install FortiClient (Mac OS X):

  1. Double-click the FortiClient .dmg installer file to launch the FortiClient installer. The FortiClient Installer will install FortiClient on your computer. Select Continue.
  2. Select the lock icon in the upper right corner to view certificate details.
  3. Read the Software License Agreement and select Continue. You have the option to print or save the Software Agreement in this window. You will be prompted to Agree with the terms of the license agreement.
  4. Select the destination folder for the installation.
  5. Select Install to perform a standard installation on this computer. You can change the install location from this screen.
  6. Depending on your system, you may be prompted to enter your system password.
  7. The installation was successful. Select Close to exit the installer.
  8. FortiClient has been saved to the Applications
  9. Double-click the FortiClient icon to launch the application. The application console loads to your desktop. Select the lock icon in the FortiClient console to make changes to the FortiClient configuration.

Install FortiClient on an infected system

The FortiClient installer always runs a quick antivirus scan on the target host system before proceeding with the complete installation. If the system is clean, installation proceeds as usual.

Any virus found during this step is quarantined before installation continues.

In case a virus on an infected system prevents downloading of the new FortiClient package, use the following process:

Install FortiClient as part of a cloned disk image

  • Boot into “safe mode with networking” (which is required for the FortiClient installer to download the latest signature packages from the Fortinet Distribution Network).
  • Run the FortiClient installer.

This scans the entire file system. A log file is generated in the logs sub-directory. If a virus is found, it will be quarantined. When complete, reboot back into normal mode and run the FortiClient installer to complete the installation.

Microsoft Windows will not allow FortiClient installation to complete in safe mode. An error message will be generated. It is necessary to reboot back into normal mode to complete the installation.

Install FortiClient as part of a cloned disk image

If you configure computers using a cloned hard disk image, you need to remove the unique identifier from the FortiClient application. You will encounter problems with FortiGate if you deploy multiple FortiClient applications with the same identifier.

This section describes how to include a custom FortiClient installation in a cloned hard disk image but remove its unique identifier. On each computer configured with the cloned hard disk image, the FortiClient application will generate its own unique identifier the first time the computer is started.

To include a FortiClient installation in a hard disk image:

  1. Using an MSI FortiClient installer, install and configure the FortiClient application to suit your requirements. You can use a standard or a customized installation package.
  2. Right-click the FortiClient icon in the system tray and select Shutdown FortiClient.
  3. From the folder where you expanded the FortiClientTools.zip file, run RemoveFCTID.exe. The RemoveFCTID tool requires administrative rights.
  4. Shut down the computer.

Do not reboot the Windows operating system on the computer before you create the hard disk image. The FortiClient identifier is created before you log on.

  1. Create the hard disk image and deploy it as needed.

Deploy FortiClient using Microsoft Active Directory server

There are multiple ways to deploy FortiClient to endpoint devices including using Microsoft Active Directory (AD).

Active Directory server

Using Microsoft AD to deploy FortiClient:

  1. On your domain controller, create a distribution point.
  2. Log on to the server computer as an administrator.
  3. Create a shared network folder where the FortiClient MSI installer file will be distributed from.
  4. Set file permissions on the share to allow access to the distribution package. Copy the FortiClient MSI installer package into this share folder.
  5. Select Start > Administrative Tools > Active Directory Users and Computers.
  6. After selecting your domain, right-click to select a new Organizational Unit (OU).
  7. Move all the computers you wish to distribute the FortiClient software to into the newly-created OU.
  8. Select Start > Administrative Tools > Group Policy Management The Group Policy Management MMC Snap-in will open. Select the OU you just created. Right-click it, Select Create a GPO in this domain, and Link it here. Give the new GPO a name then select OK.
  9. Expand the Group Policy Object container and find the GPO you just created. Right-click the GPO and select Edit. The Group Policy Management Editor MMC Snap-in will open.
  10. Expand ComputerConfiguration > Policies > Software Settings. Right-click Software Settings and select New > Package.
  11. Select the path of your distribution point and FortiClient installer file and then select Open. Select Assigned and select OK. The package will then be generated.
  12. If you wish to expedite the installation process, on both the server and client computers, force a GPO update.
  13. The software will be installed on the client computer’s next reboot. You can also wait for the client computer to poll the domain controller for GPO changes and install the software then.

Uninstall FortiClient using Microsoft Active Directory server:

  1. On your domain controller, select Start > Administrative Tools > Group Policy Management. The Group Policy Management MMC Snap-in will open. Expand the Group Policy Objects container and right-click the Group Policy Object you created to install FortiClient and select Edit. The Group Policy Management Editor will open.
  2. Select ComputerConfiguration > Policy > Software Settings > Software Installation. You will now be able to see the package that was used to install FortiClient.
  3. Right-click the package, select All Tasks > Remove. Choose Immediately uninstall the software from users and computers, or Allow users to continue to use the software but prevent new installations. Select OK. The package will delete.
  4. If you wish to expedite the uninstall process, on both the server and client computers, force a GPO update as shown in the previous section. The software will be uninstalled on the client computer’s next reboot. You can also wait for the client computer to poll the domain controller for GPO changes and uninstall the software then.

 

This entry was posted in Administration Guides, FortiClient and tagged , , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “What’s New in FortiClient 5.4

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.