FortiClient endpoint profile page updates (283968)

The Security Profiles > FortiClient Profiles page has been redesigned to better present the information available, and so the user can easily locate particular settings of interest.

Pre-existing GUI options under User & Device > FortiClient Profiles have been moved to the Security Profiles menu, and have been reorganized into separate tabs: Security, VPN, Advanced, and Mobile. Profiles can be created and options can be enabled within these tabs.

Note that Client–based Logging when On-Net has been renamed to Allow Access to Logs from

FortiClient Console.

In addition, the following features were added:

• Support for FortiSandbox integration
• Option for C&C destination scanning and blocking
• Certificate deployment as part of endpoint profile
• FortiClient RTP Option updates
• Option to monitor all unknown applications

Configure the ability to store FortiClient configuration files (171380)

 

1. Enable the advanced FortiClient configuration option in the endpoint profile:

config endpoint-control profile edit “default”

set forticlient-config-deployment enable set fct-advanced-cfg enable

set fct-advanced-cfg-buffer “hello” set forticlient-license-timeout 1 set netscan-discover-hosts enable

next end

 

2. Export the configuration from FortiClient (xml format).

3. Copy the contents of the configuration file and try to paste in the advanced FortiClient configuration box.

 

If the configuration file is greater than 32k, you need to use the following CLI:

 

config endpoint-control profile edit <profile>

config forticlient-winmac-settings config extra-buffer-entries

edit <entry_id>

set buffer xxxxxx next

end

next

end