FortiClient Profile changes

FortiClient Profile changes (386267, 375049)

FortiClient profiles have been changed in FortiOS 5.6 to include new protection features and to change organization of the GUI options. FortiClient profiles also use the FortiGate to warn or quarantine endpoints that are not compliant with a FortiClient profile.

A bug that prevented the Dialog and Device Inventory pages from loading when there is a large number of devices (for example, 10,000) has been fixed.

Default FortClient profile

FortiClient profiles allow you to perform vulnerability scans on endpoints and make sure endpoints are running compliant versions of FortiClient. Also, security posture features cause FortiClient to apply realtime protection, AntiVirus, web filtering, and application control on endpoints.

The default FortiClient profile also allows you to set a general Non-compliance action for endpoints that don’t have FortiClient installed on them. The non-compliance action can be block or warning and is applied by the FortiGate. Blocked endpoints are quarantined by the FortiGate.

Endpoint vulnerability scanning

Similar to FortiOS 5.4 you can set the FortiClient Profile to run the FortiClient vulnerability scanner on endpoints and you can set the Vulnerability quarantine level to quarantine endpoints that don’t comply.

FortiClient Profile changes (386267, 375049)                                                                             System compliance

The vulnerability scan Non-compliance action can block or warn endpoints if the vulnerability scan shows they do not meet the vulnerability quarantine level.

System compliance

FortiOS 5.6 system compliance settings are similar to those in 5.4 with the addition of a non-compliance action. System compliance checking is performed by FortiClient but the non-compliance action is applied by the FortiGate.

Security posture checking

Security posture checking collects realtime protection, antivirus protection, web filtering and application firewall features under the Security Posture Check heading.

Security posture checking                                                                     FortiClient Profile changes (386267, 375049)

Application Control is a free service                                                                                  Security posture checking

This entry was posted in FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.