Introduction
FortiClient is an all-in-one comprehensive endpoint security solution that extends the power of Fortinet’s Advanced Threat Protection (ATP) to end user devices. As the endpoint is the ultimate destination for malware that is seeking credentials, network access, and sensitive information, ensuring that your endpoint security combines strong prevention with detection and mitigation is critical.
This document provides an overview of FortiClient 5.4.0.
This document was written for FortiClient (Windows) 5.4.0. Not all features described in this document are supported for FortiClient (Mac OS X) 5.4.0.
FortiClient features
FortiClient offers two licensing modes: Standalone mode and Managed mode. It can also be integrated with FortiSandbox.
The following table provides a feature comparison between the standalone client (free version) and the managed client (licensed version).
Feature | Standalone Client (Free Version) | Managed Client (Licensed Version) |
Installation Options | Complete: All Endpoint Security and VPN components will be installed; VPN Only: only VPN components (IPsec and SSL) will be installed; Create a custom FortiClient installer using the FortiClient Configurator tool using the trial mode. In trial mode, all online updates are disabled. | Complete: All Endpoint Security and VPN components will be installed; VPN Only: only VPN components (IPsec and SSL) will be installed; Create a custom FortiClient installer using the FortiClient Configurator tool. |
Threat Protection | Real-time Antivirus Protection; Antirootkit/Antimalware; Grayware Blocking (Adware/Riskware) | Real-time Antivirus Protection; Antirootkit/Antimalware; Grayware Blocking (Adware/Riskware); Cloud Based Behavior Scanning |
Web Content | Web Filtering; YouTube Education Filter | Web Filtering; YouTube Education Filter |
VPN | SSL VPN; IPsec VPN; Client Certificate Support; X.509 Certificate Support; Elliptical Curve Certificate Support; Two-Factor Authentication | SSL VPN; IPsec VPN; Client Certificate Support; X.509 Certificate Support; Elliptical Curve Certificate Support; Two-Factor Authentication |
Logging | VPN, Antivirus, Web Security, and Update Logging; View logs locally | VPN, Application Firewall, Antivirus, Web Filter, Update, and Vulnerability Scan Logging; View logs locally |
Application Control | – | Application Firewall; Block Specific Application Traffic |
Vulnerability Management | – | Vulnerability Scan; Link to FortiGuard with information on the impact and recommended actions |
Central Management | – | Centralized Client Management and monitoring; Centralized configuration provisioning and deployment; Enforcement of enterprise security policies. |
Central Logging | – | Upload logs to a FortiAnalyzer or FortiManager. FortiClient must be registered to FortiGate to upload logs to FortiAnalyzer or FortiManager. |
Standalone mode
In standalone mode, FortiClient is not registered to a FortiGate or Enterprise Management Server (EMS). In this mode, FortiClient is free both for private individuals and commercial businesses to use; no license is required. All features and functions are activated.
Managed mode
Companies with large installations of FortiClient usually need a method to manage their endpoints. This is accomplished by registering each FortiClient to a FortiGate or an Enterprise Management Server (EMS). In this mode, FortiClient licensing is applied to the FortiGate or EMS. No separate license is required on FortiClient itself.
FortiSandbox
FortiSandbox can analyze new, previously unknown and undetected virus samples in real time. Files sent to it are scanned first, using an Antivirus (AV) engine and signatures similar to those available on FortiOS and FortiClient. If the file is not detected but is an executable file, it is run in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behavior in the VM.
FortiClient integration with FortiSandbox allows users to submit files to FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they cannot be detected by the local, real-time scanning. Access to the downloaded file can be blocked until the scanning result is returned.
As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time and on-demand AV scanning.
For more information, see the FortiSandbox Administration Guide, available in the Fortinet Document Library.
On-Net / Off-Net
The on-net feature requires the use of a FortiGate as a DHCP server. This is usually configured on the same FortiGate to which FortiClient will be registered. When the device that FortiClient is running on has an IP address from the FortiGate’s DHCP server, it is on-net. For any other IP address, it is off-net.
There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided. FortiClient will be on-net if:
- It is registered using EC to the FortiGate,
- It belongs to one of the pre-configured on-net subnets, or
- It provides the DHCP for on-net properties.
Otherwise, FortiClient will be off-net.
Licensing
Licensing on the FortiGate is based on the number of registered clients. FortiGate 30 series and higher models support ten (10) free managed FortiClient licenses. For additional managed clients, a FortiClient license subscription must be purchased. The maximum number of managed clients varies per device model.
The VPN on-net, off-net feature in Endpoint Control will be activated only when the FortiGate, to which FortiClient is registered, is running FortiOS 5.2 or 5.4 with a FortiClient 5.2 or 5.4 license.
FortiGate Client limits
The following table shows client limits per FortiGate model series.
FortiGate Series | Free Registrations | FortiClient License Upgrade |
FortiGate/FortiWiFi 30 to 90 series | 10 | 1 year FortiClient license subscription for up to 200 clients |
FortiGate 100 to 300 series | 10 | 1 year FortiClient license subscription for up to 600 clients |
FortiGate 500 to 800 series, FortiGate VM01, FortiGate VM02 | 10 | 1 year FortiClient license subscription for up to 2000 clients |
FortiGate 1000 series, FortiGate VM04 | 10 | 1 year FortiClient license subscription for up to 8000 clients |
FortiGate 3000 to 5000 series, FortiGate VM08 | 10 | 1 year FortiClient license subscription for up to 20 000 clients |
EMS client limits
A newly installed EMS offers 20 000 trial client licenses over a period of 60 days from the day of installation. After the trial period lapses, the number of client licenses will be 10, the same as for a new FortiGate to which no FortiClient license has been applied.
A license may be applied to the EMS at any time during or after the trial period. Licenses are available in multiples of 100 seats, with a minimum of 100 seats.
Installation information
The following table lists operating system support and the minimum system requirements.
Operating System Support | Minimum System Requirements |
Microsoft Windows XP (32-bit); Microsoft Windows 7 (32-bit and 64-bit); Microsoft Windows 8 (32-bit and 64-bit); Microsoft Windows 8.1 (32-bit and 64-bit); Microsoft Windows 10 (32-bit and 64-bit) | Microsoft Internet Explorer version 8 or later; Microsoft Windows compatible computer with Intel processor or equivalent; Compatible operating system and minimum 512MB RAM; 600MB free hard disk space; Native Microsoft TCP/IP communication protocol; Native Microsoft PPP dialer for dial-up connections; Ethernet NIC for network connections; Wireless adapter for wireless network connections; Adobe Acrobat Reader for documentation; MSI installer 3.0 or later. |
Microsoft Windows Server 2008 R2; Microsoft Windows Server 2012; Microsoft Windows Server 2012 R2 | Microsoft Internet Explorer version 8 or later; Microsoft Windows compatible computer with Intel processor or equivalent; Compatible operating system and minimum 512MB RAM; 600MB free hard disk space; Native Microsoft TCP/IP communication protocol; Native Microsoft PPP dialer for dial-up connections; Ethernet NIC for network connections; Wireless adapter for wireless network connections; Adobe Acrobat Reader for documentation; MSI installer 3.0 or later. |
Mac OS X v10.8 Mountain Lion; Mac OS X v10.9 Mavericks; Mac OS X v10.10 Yosemite; Mac OS X v10.11 El Capitan | Apple Mac computer with an Intel processor; 256MB of RAM; 20MB of hard disk drive (HDD) space; TCP/IP communication protocol; Ethernet NIC for network connections; Wireless adapter for wireless network connections |
Firmware images and tools
Microsoft Windows
The following files are available in the firmware image file folder:
- 4.xx.xxxx.exe
Standard installer for Microsoft Windows (32-bit).
- 4.xx.xxxx.zip
Zip package containing FortiClient.msi and language transforms for Microsoft Windows (32-bit). Some properties of the MSI package can be customized with FortiClient Configurator tool.
- 4.xx.xxxx_x64.exe
Standard installer for Microsoft Windows (64-bit).
- 4.xx.xxxx_x64.zip
Zip package containing FortiClient.msi and language transforms for Microsoft Windows (64-bit). Some properties of the MSI package can be customized with FortiClient Configurator tool.
- 4.xx.xxxx.zip
Zip package containing miscellaneous tools including the FortiClient Configurator tool and VPN Automation files:
- OnlineInstaller
This file downloads and installs the latest FortiClient file from the public FDS.
- FortiClientConfigurator
An installer repackaging tool that is used to create customized installation packages.
- FortiClientVirusCleaner
A virus cleaner.
- SSLVPNcmdline
Command line SSL VPN client.
- SupportUtils
Includes diagnostic, uninstallation, and reinstallation tools.
- VPNAutomation
A VPN automation tool.
When creating a custom FortiClient 5.4 installer using the FortiClient Configurator tool, you can choose which features to install. You can also select to enable or disable software updates, configure SSO, and rebrand FortiClient.
Mac OS X
The following files are available in the firmware image file folder:
- 4.x.xxx_macosx.dmg
Standard installer for Mac OS X.
- 4.x.xxx_macosx.tar
FortiClient includes various utility tools and files to help with installations. The following tools and files are available in the FortiClientTools .tar file:
- OnlineInstaller
This file downloads and installs the latest FortiClient file from the public FDS.
- FortiClientConfigurator
An installer repackaging tool that is used to create customized installation packages.
- RebrandingResources
Rebranding resources used by the FortiClient Configurator tool.
When creating a custom FortiClient 5.4.0 installer using the FortiClient Repackager tool, you can choose to install Everything, VPN Only, or SSO only. You can also select to enable or disable software updates and rebrand FortiClient.
FortiClient 5.4 cannot use FortiClient version 5.0 licenses. To use FortiClient Configurator, you need to use the FortiClient version 5.4 license file.
Language support
The following table lists FortiClient language support information.
Language | Graphical User Interface | XML Configuration | Documentation |
English (United States) | ✓ | ✓ | ✓ |
Chinese (Simplified) | ✓ | – | – |
Chinese (Traditional) | ✓ | – | – |
French (France) | ✓ | – | – |
German | ✓ | – | – |
Japanese | ✓ | – | – |
Korean | ✓ | – | – |
Portuguese (Brazil) | ✓ | – | – |
Spanish (Spain) | ✓ | – | – |