Tag Archives: forticlient administration guide

Appendix D – FortiClient Log Messages

Appendix D – FortiClient Log Messages

Client Feature ID Level Format Description
AntiVirus 0x00017913 Warning Found malware by [AntiVirus scan|AntiVirus realtime protection] in [filesystem|email] This message is logged when a malware is found.
AntiVirus 0x00017914 Warning Found suspicious by [AntiVirus scan|AntiVirus realtime protection] in [filesystem|disk|email] This message is logged when a suspicious is found.
AntiVirus 0x00017915 Info User enabled Realtime AntiVirus protection Logged when someone enables Realtime AntiVirus.
AntiVirus 0x00017916 Warning User disabled Realtime AntiVirus protection Logged when someone disables Realtime AntiVirus.
AntiVirus 0x00017917 Info Communication error  
AntiVirus 0x00017918 Warning AntiVirus realtime protection killed malware process : [process name] A malware process killed a malware process.
AntiVirus 0x0001791d Info av_task scan is started This message is logged if AV scanning is started.
AntiVirus 0x0001791e Info av_task scan is stopped This message is logged if AV scanning is stopped.
AntiVirus 0x00017919 Info av_task scan thread is suspended This message is logged if AV scanning is paused.
AntiVirus 0x0001791a Info av_task scan thread is resumed This message when AV scanning is resumed.
AntiVirus 0x0001791b Warning av_task killed suspicious process : <filename or process name> <filename or process name> is a suspicious process and has been terminated.
AntiVirus 0x0001791c Info Cannot start scan task  

 

Client Feature ID Level Format Description
AntiVirus 0x0001791f Error Scheduled scan failed: Path to file/folder no longer exists. Path not found.
AntiVirus 0x00017920 Warning AntiVirus scan was stopped by a user before it finished. The user specified stopped an AntiVirus scan
AntiVirus 0x00017921 Warning Failed to connect to FortiSandbox server. The sandbox server is unavialable
Webfilter 0x000178f4 Info User enabled Webfilter Logged when someone enables webfiltering.
Webfilter 0x000178f5 Warning User disabled Webfilter Logged when someone disables webfiltering.
Webfilter 0x000178f6 Warning user’s access to the url [action and reason] the action to the user’s access
Webfilter 0x000178f7 Info user’s access to the url [action and reason] the action to the user’s access
Webfilter 0x000178f8 Warning The Webfilter Violation report was cleared [user name] Logged when someone clears the webfilter violation report.
Webfilter 0x000178f9 Warning Unable to create proxy/webfilter communication socket. FortiClient will not be able to determine the FortiGuard rating of URLs.
Webfilter 0x000178fa Warning Unable to retrieve the webfilter UDP port number. FortiClient will not be able to determine the FortiGuard rating of URLs.
Webfilter 0x000178fb Warning status=warn [logged on user] temporarily disabled blocking of category [category id] ([category name]) to access [url] The user [logged on user] proceeded to the url [url] after acknowledging a warning message.
Application FireWall 0x00017980 Warning Firewall action  
Application FireWall 0x00017981 Info Firewall action
Application FireWall 0x00017982 Info User enabled Firewall User enabled Firewall

 

Client Feature ID Level Format Description
Application FireWall 0x00017983 Warning User disabled Firewall User disabled Firewall
Application FireWall 0x00017984 Warning The Application Firewall report was cleared Logged when someone clears the application firewall report.
Application FireWall 0x00017985 Warning The application firewall has been disabled because it’s driver could not be loaded Logged when application firewall driver could not be loaded with error 127 (The specified procedure could not be found).
IKE VPN 0x00017930 Info VPN tunnel status VPN tunnel status
IKE VPN 0x00017940 Info IKE phase1 authentication fail as peer’s certificate is not verified. IKE phase1 authentication fail as peer’s certificate is not verified.
IKE VPN 0x00017941 Info IKE phase1 authentication fail as the preshare key mismatch. IKE phase1 authentication fail as the preshare key mismatch.
IKE VPN 0x00017931 Warning No response from the peer  
IKE VPN 0x00017932 Warning No response from the peer
IKE VPN 0x00017933 Warning Received delete payload from peer check xauth password. Received delete payload from peer check xauth password.
IKE VPN 0x00017934 Error Failed to acquire an IP address. Failed to acquire an IP address for the virtual adapter.
IKE VPN 0x00017935 Error ike error  
IKE VPN 0x00017936 Info negotiation information
IKE VPN 0x00017937 Error negotiation error
IKE VPN 0x00017938 Error replayed packet detected (packet dropped)

 

Client Feature ID Level Format Description
IKE VPN 0x00017939 Info VPN user accept the banner and continue with the tunnel setup The VPN user accept the banner warning
IKE VPN 0x0001793a Info VPN user choose disconnect the tunnel or no response The VPN user reject the banner warning and disconnect the tunnel
IKE VPN 0x0001793b Info locip=<ip address> locport=<port number> remip=<ip address> remport=<port number> outif=<interface> vpntunnel=<tunnel name> action=install_sa  
IKE VPN 0x0001793c Info VPN before logon was enabled Logged when someone enables VPN before logon.
IKE VPN 0x0001793d Info VPN before logon was disabled Logged when someone disables VPN before logon.
IKE VPN 0x0001793e Error VPN cannot connect because an authorization rule failed. Logged when a VPN authorization rule failed.
IKE VPN 0x0001793f Warning A required application is not running. VPN cannot connect because the specified application is not running.
SSL VPN 0x00017958 Info SSLVPN tunnel status SSLVPN tunnel status
Wan Acceleration 0x00017a71 Info User enabled WAN Acceleration User enabled WAN Accel-

eration

Wan Acceleration 0x00017a70 Info User disabled WAN Acceleration User disabled WAN Acceleration
Wan Acceleration 0x0000b000 Error Network registry keys are missing When enumerating the network interface subkeys
Wan Acceleration 0x0000b001 Error Network adapter is missing a description When enumerating the network interfaces
Wan Acceleration 0x0000b002 Error Error opening redirector device Wan acceleration will not function.
Wan Acceleration 0x0000b003 Info WAN Acceleration was enabled by [user name] Logged when someone enables WAN Acceleration.

 

Client Feature ID Level Format Description
Wan Acceleration 0x0000b004 Info WAN Acceleration was disabled by [user name] Logged when someone disables WAN Acceleration.
Vulnerability

Scan

0x00017908 Info The vulnerability scan status has changed A vulnerability scan status change
Vulnerability

Scan

0x00017909 Info A vulnerability scan result has been logged A Vulnerability scan result log
Vulnerability

Scan

0x0001790a Info Remediating vulnerability The details of the vulnerability being remediated is described by the log fields
EndPoint Con-

trol

0x00017ab6 Info upload logs  
EndPoint Con-

trol

0x00017ab7 Info Endpoint control policy synchronization was enabled Logged when someone

enables Endpoint control policy synchronization.

EndPoint Con-

trol

0x00017ab8 Warning Endpoint control policy synchronization was disabled Logged when someone disables Endpoint control policy synchronization.
EndPoint Con-

trol

0x00017ab9 Info Endpoint Control Status changed to [status] Endpoint Control Status Changed
EndPoint Con-

trol

0x00017aba Warning OffNet configuration version [version] doesn’t match FortiGate configuration version [version] OffNet configuration version doesn’t match FortiGate configuration version
EndPoint Con-

trol

0x00017abb Info Endpoint Control Registration

Status changed to [status] with

FGT [serial]

 
EndPoint Con-

trol

0x00017abc Info Endpoint Quarantine Status changed to [status] Endpoint Quarantine Status Changed
Update 0x00017a2a Info Customer initiated a software update request. Logged when a user presses the gui’s update button.
Update 0x00017a37 Info Checking for updates. Checking for updates.
Update 0x00017a2c Info Update allowed only if you have a valid license Update allowed only if you have a valid license

 

Client Feature ID Level Format Description
Update 0x00017a38 Info Software update started. Software update started.
Update 0x00017a2d Info Software updates are disabled. Software updates from FortiGuard have been disabled.
Update 0x00017a2e Info Software updates from FortiGuard have been disabled because this client is managed. Software updates from FortiGuard have been disabled.
Update 0x00017a2f Info Software updates require administrative privileges. The user does not have sufficient privileges to perform software updates.
Update 0x00017a30 Info Software update successful. Software update successful.
Update 0x00017a31 Info Software update failed. Software update failed.
Update 0x00017a32 Info Unable to perform software update. Registry does not contain image id to download. The image id that is expected to be in the registry is missing.
Update 0x00017a33 Info Update <module description> successful  
Update 0x0001798a Info Update success Update was successful.
Update 0x00017a34 Error Unable to load AV engine Failed to load the av engine
Update 0x00017a35 Error Error patching AV signature. Error patching AV signature.
Update 0x00017a36 Error Unable to load FASLE engine Unable to load FASLE engine
Update 0x00017a39 Info Update successful  
Scheduler 0x00017a20 Info Forcefully kill a child process after grace period expires A scheduler owned child process failed to stop when instructed to do so

 

Client Feature ID Level Format Description
Scheduler 0x00017a21 Error The scheduler cannot start the scheduled task because the task’s license is expired. The scheduler cannot start the scheduled task because the task’s license is expired.
Scheduler 0x00017a68 Info FortiClient is starting up FortiClient is starting up
Scheduler 0x00017a69 Info %s is shutting down FortiClient is shutting down
FortiProxy 0x00017a49 Info Fortiproxy is enabled Fortiproxy is enabled
FortiProxy 0x00017a48 Warning Fortiproxy is disabled Fortiproxy is disabled
FortiShield 0x00017a53 Info FortiShield is enabled FortiShield is enabled
FortiShield 0x00017a52 Warning FortiShield is disabled FortiShield is disabled
FortiShield 0x00017a54 Info The console was locked The console password was locked.
FortiShield 0x00017a55 Warning The console was unlocked The console password was unlocked.
FortiShield 0x00017a56 Warning The console password was removed The console password was removed.
FortiShield 0x00017a57 Warning FortiShield blocked application: [application path] from modifying: [file or registry path] FortiShield has prevented an application from modifying a file or registry setting protected by FortiClient.
Application

Database

0x0000d001 Error <context> <file reference> db error – creating new database. A critical error occurred. The application database will not work. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.

 

Client Feature ID Level Format Description
Application

Database

0x0000d003 Error <context> <file reference> db error – BIND command. A critical error occurred. The application database will not work. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d004 Error <context> <file reference> db error – opening database. A critical error occurred. The application database is not present. An attempt to automatically regenerate it will occur. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d005 Error <context> <file reference> db error – preparing sql statement. The sql statement used is invalid. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d006 Error <context> <file reference> db error – unable to find fingerprint. The fingerprint does not exist in the database. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d007 Error <context> <file reference> db error – invalid md5. The parameter supplied is not an MD5. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.

 

Client Feature ID Level Format Description
Application

Database

0x0000d008 Error <context> <file reference> db error – row not found. The requested row does not exist. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d00a Error <context> <file reference> Can’t open file. The file cannot be opened. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d00b Error <context> <file reference>

Unable to extract vendor id.

The files is not digitally signed
Application

Database

0x0000d00e Error <context> <file reference> Can’t access file because of sharing violation. Can’t access file because of sharing violation. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d00f Error <context> <file reference> Can’t open driver. Can’t open the apd driver. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d010 Error <context> <file reference> Can’t start driver. Can’t start the apd driver. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d011 Error <context> <file reference> Driver io error. APD driver io error. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.

 

Client Feature ID Level Format Description
Application

Database

0x0000d016 Error <context> <file reference> Server-side pipe error. A communication error occurred. It is probably temporary. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d017 Error <context> <file reference> Pipe server initialization error. A communication initialization error occurred. It is probably temporary. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d018 Error <context> <file reference> Pipe server creation error. A communication initialization error occurred. It is probably temporary. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d019 Error <context> <file reference>

Unable to bypass fortishield.

Failed to bypass self-protection. The daemon might not function normally after this. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d01a Error <context> <file reference> Invalid arguments. Invalid command line options supplied. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.

 

Client Feature ID Level Format Description
Application

Database

0x0000d01c Error <context> <file reference> Unable to allocate memory for vendor id cache. Low memory. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d01d Error <context> <file reference>

Vendor id cache not initialized.

This is probably temporary. An attempt will be made later to read/write to the cache. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d01e Error <context> <file reference>

Unable to open vendor id cache shared memory.

Application detection will not be functioning normally. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Application

Database

0x0000d01f Error <context> <file reference>

Unable to open mutex to access vendor id shared memory.

Application detection will not be functioning normally. <context> is the service that generated the log. <file reference> is optional and describes the file was being accessed when the log was generated.
Config

Import/Export

0x00017a5c Info A configuration file is exported to [location] Logged when someone exports a config file.
Config

Import/Export

0x00017a5d Info A configuration file is imported from [location] Logged when someone imports a config file.
Config

Import/Export

0x00017a72 Info Policy ‘[name]’ was received and applied Logged when push configuration is received.
Single SignOn Mobility

Agent

0x00017ad4 Info Single Sign-On event Single Sign-On event.

 

Client Feature ID Level Format Description
Single SignOn Mobility

Agent

0x00017ad5 Info Single Sign-On Mobility Agent was enabled Logged when someone enables Single Sign-On Mobility Agent.
Single SignOn Mobility

Agent

0x00017ad6 Warning Single Sign-On Mobility Agent was disabled Logged when someone disables Single Sign-On Mobility Agent.
Single SignOn Mobility

Agent

0x00017ad7 Info Single Sign-On Mobility Agent is starting…  
Single SignOn Mobility

Agent

0x00017ad8 Info Single Sign-On Mobility Agent is stopping…
UI 0x00017a66 Warning Logs were cleared Logged when logs are cleared.
UI 0x00017a67 Info Alerts were cleared Logged when alerts are cleared by a user.

Appendix C – Rebrand FortiClient

Appendix C – Rebrand FortiClient

The FortiClient Configurator can be used to create custom FortiClient MSI installers with various combinations. The customized MSI installer generated may be used to install FortiClient on all supported platforms using Active Directory. A FortiClient setup executable file is also generated for manual distribution.

Under Options, you can select to enable software updates, configure the single sign-on mobility agent, and rebrand FortiClient. Rebranding allows you to edit various UI elements including graphics.

When replacing files in the resource folder, the replacement file should be the same file type and dimensions. Icons (.ico) are a special case. The Main_icon.ico file for example, is a composite file of multiple icons. The operating system picks the appropriate icon size from this file for the context in which the icon is being displayed.

Rebranding elements:

Installer Product Name Where Used: Setup Wizard header and body, File directory name in Installer Company Name file folder, engine/signature update bubble messages.

Default Value: FortiClient

Installer Company Name Where Used: File directory name in Program Files. Default Value: Fortinet

 

Manufacturer Name Where Used: Default Value: Fortinet Inc
Shortcut Text Where Used: Name of shortcut on desktop

Default Value: FortiClient

Product Name Where Used: Name of installer file (.msi/.mst), UI header, configuration received from FortiGate bubble messages, Default Value: FortiClient
Product Name Text Where Used: Name of client in main page

Default Value: FortiClient

Company Where Used: Help > About > Copyright page

Default Value: Fortinet

Company WebSite URL Where Used: Help > About > Copyright page

Default Value: http://www.fortinet.com

Company Website Text Where Used: Help > About > Copyright page

Default Value: www.fortinet.com

Feedback Email Where Used: Help > About > Copyright page, Send Feedback

Default Value: forticlient-feedback@fortinet.com

Feedback Email Text Where Used: Help > About > Copyright page, Send Feedback

Default Value: forticlient-feedback@fortinet.com

EULA Where Used: Help > About > Copyright page, Click here to view the license agreement

Default Value: http://www.fortinet.com/doc/legal/EULA.pdf

Knowledge Base Text Where Used: Help menu option

Default Value: Fortinet Knowledge Base

Leave this field blank to omit the field in the console.

Knowledge Base Link Where used: Link used by Knowledge Base text

Default value: http://kb.fortinet.com

Leave this field blank to omit the field in the console.

Advertisement 1 Where used: Link used by dashboard banner advertisement 1

Default value: http://www.forticlient.com/video/001

Advertisement 2 Where used: Link used by dashboard banner advertisement 2

Default value: http://www.forticlient.com/video/002

Advertisement 3 Where used: Link used by dashboard banner advertisement 3

Default value: http://www.forticlient.com/video/003

Resources folder elements:

Appendix C – Rebrand FortiClient

About_red_shield_logo.png Where Used:

File Type: PNG File (.png)

Width: 43 pixels

Height: 43 pixels

Bit Depth: 32

Advertisement_ad_0.png Where Used: Dashboard advertisement banner

File Type: PNG File (.png)

Width: 628 pixels

Height: 66 pixels

Bit Depth: 32

Advertisement_ad_1.png Where Used: Dashboard advertisement banner

File Type: PNG File (.png)

Width: 628 pixels

Height: 66 pixels

BitBit Depth: 32

Advertisement_ad_2.png Where Used: Dashboard advertisement banner

File Type: PNG File (.png)

Width: 628 pixels

Height: 66 pixels

Bit Depth: 32

Antivirus_AV_scan_top_banner_left_hand_ side.png Where Used:

File Type: BMP File (.bmp)

Width: 1 pixel

Height: 40 pixels

Bit Depth: 8

Antivirus_AV_scan_top_banner_right_hand_ side.png Where Used: Banner used in right-click “scan with

product name” dialog box File Type: BMP File (.bmp)

Width: 440 pixels

Height: 40 pixels

Bit Depth: 8

Common_fgt-not-found-page-bg.png Where Used: FortiGate not found page

File Type: PNG File (.png)

Width: 673 pixels

Height: 189 pixels

Bit Depth: 32

Common_fortinet-icon.png Where Used:

File Type: PNG File (.png)

Width: 79 pixels

Height: 79 pixels

Bit Depth: 32

 

Common_registration_icon.png Where Used: FortiGate detected page

File Type: PNG File (.png)

Width: 85 pixels

Height: 85 pixels

Bit Depth: 32

Common_searching-page-bg.png Where Used: Searching for FortiGate page

File Type: PNG File (.png)

Width: 673 pixels

Height: 189 pixels

Bit Depth: 32

Dashboard_forticlient_v5_dashboard_bg.png Where Used: Client console

File Type: PNG File (.png)

Width: 628 pixels

Height: 451 pixels

Bit Depth: 32

Dashboard_warning-shield.png Where Used: Dashboard warning shield, displayed when antivirus is disabled. File Type: PNG File (.png)

Width: 59 pixels

Height: 75 pixels

Bit Depth: 32

Installer_background.bmp Where used: Setup Wizard background image.

File Type: BMP file (.bmp)

Width: 491 pixels

Height: 312 pixels

Bit Depth: 8

Installer_banner.bmp Where Used: Setup Wizard banner image on destination page, ready to install page, installing pages.

File Type: BMP file (.bmp)

Width: 491 pixels

Height: 58 pixels

Bit Depth: 8

LightInstaller_icon.ico Where Used: Light Installer Icon

File Type: ICO File (.ico)

Width: 32 pixels

Height: 32 pixels

Bit Depth: 32

Main_icon.ico Where Used: Shortcut on desktop

File Type: ICO file (.ico)

Width: 48 pixels

Height: 48 pixels

Bit Depth: 32

Appendix C – Rebrand FortiClient

Main_logo_black.ico Where Used: Client console header

File Type: ICO file (.ico)

Width: 32 pixels

Height: 32 pixels

Bit Depth: 32

setup.ico Where Used: Setup icon

File Type: ICO File (.ico)

Width: 256 pixels

Height: 256 pixels

Bit Depth: 32

Tray_Icons_alert.ico Where Used: System tray alert icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_alert_vpn.ico Where Used: System tray VPN alert icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_running.ico Where Used: System tray running icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_scan1.ico, Tray_Icons_scan2.ico,

Tray_Icons_scan3.ico, Tray_Icons_scan4.ico,

Tray_Icons_scan5.ico, Tray_Icons_scan6.ico,

Tray_Icons_scan7.ico, Tray_Icons_scan8.ico,

Tray_Icons_scan9.ico, Tray_Icons_scan10.ico

Tray_Icons_scan11.ico

Where Used: System tray, these eleven images animate the scanning activity of the tray icon.

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

Tray_Icons_vpn.ico Where Used: System tray VPN icon

File Type: ICO File (.ico)

Width: 16 pixels

Height: 16 pixels

Bit Depth: 32

VPN_xauth-dialog-logo.png Where Used: VPN xAuth dialog logo

File Type: PNG File (.png)

Width: 88 pixels

Height: 100 pixels

Bit Depth: 32

zzz_rebranding.ini Where Used: This file is used by the FortiClient Configurator tool for element/resource mapping. File Type: Configuration settings (.ini)

When rebranding FortiClient, you can select to digitally sign the installer package using a code signing certificate.

 

Appendix B – FortiClient API

Appendix B – FortiClient API

You can operate FortiClient VPNs using the COM-based FortiClient API. The API can be used with IPsec VPN only. SSL VPN is currently not supported. This chapter contains the following sections:

l Overview l API reference

Overview

The FortiClient COM library provides functionality to:

  • Retrieve a list of the VPN tunnels configured in the FortiClient application. l Start and stop any of the configured VPN tunnels. l Send XAuth credentials.
Disconnect(bstrTunnelName As String) Close the named VPN tunnel.
GetPolicy pbAV As Boolean, pbAS As

Boolean, pbFW As Boolean, pbWF

As Boolean)

Command is deprecated in FortiClient v5.0.
  • Retrieve status information: l configured tunnel list l active tunnel name l connected or not l idle or not l remaining key life
  • Respond to FortiClient-related events:
  • VPN connect l VPN disconnect l VPN is idle
  • XAuth authentication requested

For more information, see the vpn_com_examples ZIP file located in the VPN Automation file folder in the FortiClientTools file.

API reference

The following tables provide API reference values.

API reference                                                                                                       Appendix B – FortiClient API

GetRemainingKeyLife(bstrTunnelName As String, pSecs As Long, pKBytes As Long) Retrieve the remaining key life for the named connection. Whether keylife time (pSecs) or data (pKBytes) are significant depends on the detailed settings in the FortiClient application.
MakeSystemPolicyCompliant() Command is deprecated in FortiClient v5.0.
SendXAuthResponse (tunnelName As String, userName As String, password As String, savePassword As Boolean) Send XAuth credentials for the named connection:

l User name, Password l True if password should be saved.

SetPolicy (bAV As Boolean, bAS As

Boolean, bFW As Boolean, bWF

As Boolean)

Command is deprecated in FortiClient v5.0.
GetTunnelList() Retrieve the list of all connections configured in the FortiClient application.
IsConnected (bstrTunnelName As String) As Boolean Return True if the named connection is up.
IsIdle (bstrTunnelName As String) As Boolean Return True if the named connection is idle.
OnDisconnect(bstrTunnelName As String) Connection disconnected.
OnIdle(bstrTunnelName As String) Connection idle.
OnOutOfCompliance(bAV As Boolean, bAS As Boolean, bFW As Boolean, bWF As Boolean) Command is deprecated in FortiClient v5.0.
OnXAuthRequest(bstrTunnelName As String) The VPN peer on the named connection requests XAuth authentication.

Custom FortiClient Installations

Custom FortiClient Installations

The FortiClient Configurator tool is the recommended method of creating customized FortiClient installation files.

You can also customize which modules are displayed in the FortiClient dashboard in the FortiClient profile. This will allow you to activate any of the modules at a later date without needing to re-install FortiClient. Any changes made to the FortiClient profile are pushed to connected clients.

When creating VPN only installation files, you cannot enable other modules in the FortiClient profile as only the VPN module is installed.

When deploying a custom FortiClient XML configuration, use the advanced profile options in FortiClient EMS to ensure the profile settings do not overwrite your custom XML settings. For more information, see the FortiClient XML Reference and the FortiClient EMS Administration Guide.

The FortiClient Configurator tool is included with the FortiClient Tools file in FortiClient 5.4.1. This file is only available on the Customer Service & Support portal and is located in the same file directory as the FortiClient images.

The Configurator tool requires activation with a license file. Ensure that you have completed the following steps prior to logging in to your FortiCare product web portal:

  • Purchased FortiClient Registration License l Activated the FortiClient license on a FortiGate

This video explains how to purchase and apply a FortiClient License: http://www.youtube.com/watch?feature=player_embedded&v=sIkWaUXK0Ok This chapter contains the following sections:

  • Download the license file on page 110 l Prepare configuration files on page 111 l Create a custom installer on page 113 l Custom installation packages on page 120 l Advanced FortiClient profiles on page 121

Download the license file

To retrieve your license file:

  1. Go to https://support.fortinet.com and log in to your FortiCare account.
  2. Under Asset select Manage/View Products. Select the FortiGate device that has the FortiClient registration license activated. You will see the Get the Key File link in the Available Key(s) 110

 

Prepare configuration files

  1. Click the link and download license file to your management computer. This file will be needed each time you use the FortiClient Configurator tool.

Settings

Settings

This section describes the available options on the File > Settings page for FortiClient in standalone mode.

In managed mode, options on the Settings page are configured in the FortiClient profile by using FortiGate/EMS.

Backup or restore full configuration

To backup or restore the full configuration file, select File > Settings from the toolbar. Expand the System section, then select Backup or Restore as needed. Restore is only available when operating in standalone mode.

When performing a backup, you can select the file destination, password requirements, and add comments as needed.

Signature updates

This setting can only be configured when FortiClient is in standalone mode.

To configure updates, select File > Settings from the toolbar, then expand the System section.

Select to either automatically download and install updates when they are available on the FortiGuard Distribution Servers, or to send an alert when updates are available.

In managed mode, you can select to use a FortiManager device for signature updates. When configuring the endpoint profile in EMS, select Use FortiManagerforclient software/signature updates to enable the feature and enter the IP address of your FortiManager device.

To configure FortiClient to use FortiManager for signature updates (EMS):

  1. On EMS, select an endpoint profile, then go to the System Settings
  2. Toggle the Use FortiManagerforclient software/signature update option to ON.
  3. Specify the IP address or hostname of the FortiManager device.
  4. Select Failoverto FDN when FortiManageris not available to have FortiClient receive updates from the FortiGuard Distribution Network when the FortiManager is not available.
  5. Select Save to save the settings.

Logging

To configure logging, select File > Settings from the toolbar then expand the Logging section.

Logging

VPN VPN logging is available when in standalone mode or in managed mode when FortiClient is connected to FortiGate/EMS.
Application Firewall Application Firewall logging is available in managed mode when FortiClient is connected to FortiGate/EMS.
AntiVirus Antivirus activity logging is available when in standalone mode or in managed mode when FortiClient is connected to FortiGate/EMS.
Web Security/Web Filter Web Security logging is available when in standalone mode. Web Filter logging is available in managed mode.
Update Update logging is available when in standalone mode or in managed mode when FortiClient is connected to FortiGate/EMS.
Vulnerability Scan Vulnerability Scan logging is available in managed mode when FortiClient is connected to FortiGate/EMS.
Log Level This setting can be configured when in standalone mode. When FortiClient is connected to FortiGate, this setting is set by the XML configuration (if configured).
Log File The option to export the log file (.log) is available when in standalone mode or in managed mode when FortiClient is connected to

FortiGate/EMS. The option to clear logs is only available when in standalone mode.

The following table lists the logging levels and description:

Logging Level Description
Emergency The system becomes unstable.
Alert Immediate action is required.
Critical Functionality is affected.
Error An error condition exists and functionality could be affected.
Warning Functionality could be affected.

Logging

Logging Level   Description
Notice   Information about normal events.
Information   General information about system operations.
Debug   Debug FortiClient.

It is recommended to use the debug logging level only when needed. Do not leave the debug logging level permanently enabled in a production environment to avoid unnecessarily consuming disk space.

Sending logs to FortiAnalyzer or FortiManager

To configure FortiClient to send logs to FortiAnalyzer or FortiManager, you require the following:

l FortiClient 5.2.0 or later l A FortiGate device running FortiOS 5.2.0 or later or EMS 1.0 or later l A FortiAnalyzer or FortiManager device running 5.0.7 or later

The connected FortiClient device can send traffic logs, vulnerability scan logs, and event logs to the log device on port 514 TCP.

Enable logging on the FortiGate device:

  1. On your FortiGate device, select Log & Report > Log Settings. The Log Settings window opens.
  2. Enable Send Logs to FortiAnalyzer/FortiManager.
  3. Enter the IP address of your log device in the IP Address You can select Test Connectivity to ensure your FortiGate is able to communicate with the log device on this IP address.
  4. Select Apply to save the setting.

Enable logging in the FortiGate FortiClient profile:

  1. Go to Security Profiles > FortiClient Profiles.
  2. Select the FortiClient Profile and select Edit from the toolbar. The Edit FortiClient Profile page opens.
  3. Enable Upload Logs to FortiAnalyzer.

VPN options

  1. Select either Same as System to send the logs to the FortiAnalyzer or FortiManager configured in the Log Settings, or Specify to enter a different IP address.
  2. In the Schedule field, select to upload logs Hourly or Daily.
  3. Select Apply to save the settings.

Once the FortiClient Profile change is synchronized with the client, you will start receiving logs from connected clients on your FortiAnalyzer/FortiManager system.

Alternatively, you can configure logging in the command line interface. Go to System > Dashboard > Status. In the CLI Console widget, enter the following CLI commands:

config endpoint-control profile edit <profile-name>

config forticlient-winmac-settings set forticlient-log-upload enable set forticlient-log-upload-server <IP address> set forticlient-log-upload-schedule {hourly | daily} set forticlient-log-ssl-upload {enable | disable} set client-log-when-on-net {enable | disable}

end

end

Enable logging in the EMS endpoint profile:

  1. On EMS, select an endpoint profile, then go to the System Settings
  2. Enable Upload Logs to FortiAnalyzer/FortiManager.
  3. Enable the type of logs to upload. Choose from traffic, vulnerability, and event.
  4. Enter the IP address or hostname, schedule upload (in minutes), and log generation timeout (in seconds).
  5. Select Save to save the settings.

VPN options

To configure VPN options, select File > Settings from the toolbar and expand the VPN section. Select Enable VPN before logon to enable VPN before log on.

This setting can only be configured when in standalone mode.

Certificate management

To configure VPN certificates, select File > Settings from the toolbar and expand the Certificate Management section. Select Use local certificate uploads (IPsec only) to configure IPsec VPN to use local certificates and import certificates to FortiClient.

This setting can only be configured when in standalone mode.

Antivirus options

To configure antivirus options, select File > Settings from the toolbar and expand the Antivirus Options section.

Advanced options

These settings can be configured only when FortiClient is in standalone mode.

Configure the following settings:

Grayware Options Grayware is an umbrella term applied to a wide range of malicious applications such as spyware, adware and key loggers that are often secretly installed on a user’s computer to track and/or report certain information back to an external source without the user’s permission or knowledge.
Adware Select to enable adware detection and quarantine during the antivirus scan.
Riskware Select to enable riskware detection and quarantine during the antivirus scan.
Scan removable media on

insertion

Select to scan removable media when it is inserted.
Alert when viruses are detected Select to have FortiClient provide a notification alert when a threat is detected on your personal computer. When Alert when viruses are detected under AntiVirus Options is not selected, you will not receive the virus alert dialog box when attempting to download a virus in a web browser.
Pause background scanning on battery power Select to pause background scanning when your computer is operating on battery power.
Enable FortiGuard Ana-

lytics

Select to automatically send suspicious files to the FortiGuard Network for analysis.

When connected to FortiGate/EMS, you can enable or disable FortiClient Antivirus Protection in the FortiClient profile.

Advanced options

To configure advanced options, select File > Settings from the toolbar and expand the Advance section.

These settings can be configured only when FortiClient is in standalone mode. When a FortiClient endpoint is connected to FortiGate/EMS, these settings are set by the XML configuration (if configured).

Single Sign-On mobility agent

Configure the following settings:

Enable WAN Optimization Select to enable WAN Optimization. You should enable only if you have a FortiGate device and your FortiGate is configured for WAN Optimization.

This setting can be configured when in standalone mode.

Maximum Disk Cache Size Select to configure the maximum disk cache size. The default value is 512MB.
Enable Single Sign-On mobility agent Select to enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator device.

This setting can be configured when in standalone mode.

Server address Enter the FortiAuthenticator IP address.
Customize port Enter the port number. The default port is 8001.
Pre-shared Key Enter the pre-shared key. The pre-shared key should match the key configured on your FortiAuthenticator device.
Disable proxy (troubleshooting only) Select to disable proxy when troubleshooting FortiClient.

This setting can be configured when in standalone mode.

Default tab Select the default tab to be displayed when opening FortiClient. This setting can be configured when in standalone mode.

Single Sign-On mobility agent

The FortiClient Single Sign-On (SSO) Mobility Agent is a client that updates FortiAuthenticator with user logon and network information.

FortiClient/FortiAuthenticator protocol

The FortiAuthenticator listens on a configurable TCP port. FortiClient connects to FortiAuthenticator using TLS/SSL with two-way certificate authentication. The FortiClient sends a logon packet to FortiAuthenticator, which replies with an acknowledgment packet.

FortiClient/FortiAuthenticator communication requires the following:

  • The IP address should be unique in the entire network. l The FortiAuthenticator should be accessible from clients in all locations.

Single Sign-On mobility agent

  • The FortiAuthenticator should be accessible by all FortiGates.

FortiClient Single Sign-On Mobility Agent requires a FortiAuthenticator running 2.0.0 or later, or v3.0.0 or later. Enter the FortiAuthenticator (server) IP address, port number, and the pre-shared key configured on the FortiAuthenticator.

Enable Single Sign-On mobility agent on FortiClient:

  1. Select File in the toolbar and select Settings in the drop-down menu.
  2. Select Advanced to view the drop-down menu.
  3. Select Enable Single Sign-On mobility agent.
  4. Enter the FortiAuthenticator server address and the pre-shared key.

This setting can be configured when in standalone mode. When connected to FortiGate, this setting is set by the XML configuration (if configured).

Enable FortiClient SSO mobility agent service on the FortiAuthenticator:

  1. Select Fortinet SSO Methods > SSO > General. The Edit SSO Configuration page opens.
  2. Select Enable FortiClient SSO Mobility Agent Service and enter a TCP port value for the listening port.
  3. Select Enable authentication and enter a secret key or password.
  4. Select OK to save the setting.

Enable FortiClient FSSO services on the interface:

  1. Select System > Network > Interfaces. Select the interface and select Edit from the toolbar. The Edit Network Interface window opens.
  2. Select the checkbox to enable FortiClient FSSO.
  3. Select OK to save the setting.

Configuration lock

To enable the FortiClient SSO Mobility Agent Service on the FortiAuthenticator, you must first apply the applicable FortiClient license for FortiAuthenticator. For more information, see the FortiAuthenticator Administration Guide in the Fortinet Document Library.

For information on purchasing a FortiClient license for FortiAuthenticator, please contact your authorized Fortinet reseller.

Configuration lock

To prevent unauthorized changes to the FortiClient configuration, select the lock icon located at the bottom left of the Settings page. You will be prompted to enter and confirm a password. When the configuration is locked, configuration changes are restricted and FortiClient cannot be shut down or uninstalled.

When the configuration is locked you can perform the following actions:

  • Compliance l Connect and disconnect FortiClient for Endpoint Control
  • Antivirus l Complete an antivirus scan, view threats found, and view logs l Select Update Now to update signatures
  • Web Security l View violations
  • Application Firewall l View applications blocked
  • Remote Access l Configure, edit, or delete an IPsec VPN or SSL VPN connection l Connect to a VPN connection
  • Vulnerability Scan l Complete a vulnerability scan of the system l View vulnerabilities found
  • Settings l Export FortiClient logs l Back up the FortiClient configuration

To perform configuration changes, or to shut down FortiClient, select the lock icon and enter the password used to lock the configuration.

FortiTray

When FortiClient is running on your system, you can select the FortiTray icon in the Windows system tray to perform various actions. The FortiTray icon is available in the system tray even when the FortiClient console is closed.

  • Default menu options: l Open FortiClient console FortiTray
  • Shut down FortiClient
  • Dynamic menu options, depending on configuration:
  • Connect to a configured IPsec VPN or SSL VPN connection l Display the antivirus scan window (if a scheduled scan is currently running) l Display the Vulnerability scan window (if a vulnerability scan is running)

If you hover the mouse cursor over the FortiTray icon, you will receive various notifications including the version, antivirus signature, and antivirus engine.

Connecting to VPN connections

To connect to a VPN connection from FortiTray, select the Windows System Tray and right-click in the FortiTray icon. Select the connection you wish to connect to, enter your username and password in the authentication window, then select OK to connect.

 

Vulnerability Scan

Vulnerability Scan

FortiClient includes a Vulnerability Scan module to check endpoint workstations for known system vulnerabilities. The vulnerability scan results can include:

  • List of vulnerabilities for Microsoft operating systems, third-party software, and Microsoft software detected on the endpoint device
  • Links to more information l Links to Microsoft bulletin reports
  • Software patches that can be installed to resolve or close detected vulnerabilities

You can scan on-demand. The scan results display a summary of vulnerabilities found in the system with links to more details, including links to the FortiGuard Center (FortiGuard.com) for more information. Links to remediation patches might also be included.

Whether and how remediation patches are applied to endpoints depends on the settings in the FortiClient profile that is assigned to the endpoint. Patches can be automatically applied to the FortiClient endpoint to enforce network compliance, or you can manually apply patches. FortiClient checks vulnerabilities for the following software:

  • Microsoft Security Update l Firefox l Firefox ESR l Google Chrome l Java JDK l Java JRE l Adobe Flash Player

For the latest list of supported software, see the FortiGuard Center (FortiGuard.com) .

Enable vulnerability scan

The administrator enables and configures the vulnerability scan feature in a FortiClient profile by using FortiGate/EMS.

Enable vulnerability scan in FortiClient profiles (EMS)

In EMS 1.0.1 and later, the vulnerability scan feature is visible by default in the FortiClient profile. The EMS administrator may choose to enable this feature in the FortiClient profile. The EMS administrator can also schedule vulnerability scans and configure remediation patches to be automatically installed on endpoints. For more information, see the FortiClient EMS Administration Guide.

 

Scan now

Enable vulnerability scan in FortiClient profiles (FortiGate)

In FortiGate 5.4.1 and later, the vulnerability scan feature is visible by default in the FortiClient profile. The FortiGate administrator may choose to enable this feature in the FortiClient profile.

Scan now

To scan now:

  1. In the FortiClient console, click the Vulnerability Scan
  2. Click the Scan Now FortiClient scans your workstation for known vulnerabilities.

When the scan is complete, FortiClient displays a summary of vulnerabilities found on the system.

View scan results

Vulnerability scan results are organized into the following categories:

l Critical vulnerabilities l Vulnerabilities detected

You can use the vulnerability scan results to learn more about vulnerabilities on your computer and to learn what actions you can take to address the vulnerabilities.

When remediation patches are available for software that is running on the managed endpoint, the vulnerability scan results might include the option to install software patches that address the identified vulnerability. See Install remediation patches on page 97.

View scan results

To view scan results:

  1. In the FortiClient console, click the Vulnerability Scan
  2. Beside Vulnerabilities Detected, click the <number>

A summary of vulnerabilities detected on your system is displayed.

  1. Click the tabs, such as OS, Browser, and so on, to view all vulnerabilities.
  2. On each tab, click Critical Vulnerabilities, High Vulnerabilities, Medium Vulnerabilities, and Low Vulnerabilities to view the vulnerabilities in each category for each tab.

View scan results

  1. When available, click the Details icon to view details about the vulnerability.

You can scroll to the bottom of the window to click links to more information about CVE IDs and vendor information.

  1. Click OK to return to the previous screen, and click Close to return to the Vulnerability Scan For information on installing patches, see Install remediation patches on page 97.

View details of scan results

View details of scan results

To view details of scan results:

  1. In the FortiClient console, click the Vulnerability Scan
  2. Under Vulnerabilities Detected, click Critical, High, Medium, or Low when the results are greater than 0.

A summary of vulnerabilities detected on your system is displayed. Click the tabs, such as OS, Browser, and so on, to view all vulnerabilities.

  1. Click the Details icon for more information.

You can scroll to the bottom of the window to click links to more information about CVE (common vulnerabilities and exposures) IDs and vendor information.

Install remediation patches

  1. Click OK to return to the previous screen, and click Close to return to the Vulnerability Scan

Install remediation patches

When remediation patches are available for software that is running on the managed endpoint, the vulnerability scan results might include the option to install software patches that address the identified vulnerability.

Access to software patches is controlled by the FortiClient profile configuration. Depending on the FortiClient profile settings, the patches might be installed for you, or you might be able to choose what patches to install. In some cases, you must install the software patches to maintain network access. For example, if compliance is configured to block network access for non-compliant endpoints, software patches must be installed to maintain network access.

To install remediation patches:

  1. In the FortiClient console, click the Vulnerability Scan
  2. Beside Vulnerabilities Detected, click the <number> link to review information about vulnerabilities before installing patches.

Alternately, you can click Fix Now to install all remediation patches.

Install remediation patches

  1. Select the check box for each patch that you want to install.

Click the tabs, such as OS, Browser, and so on, to view all vulnerabilities. On each tab, click Critical Vulnerabilities, High Vulnerabilities, Medium Vulnerabilities, and Low Vulnerabilities to view the vulnerabilities in each category for each tab.

You may be unable to choose which patches to install, depending on your FortiClient configuration.

  1. Click the Install Selected button to install the selected patches.

FortiClient installs the patches. You may need to reboot the endpoint device to complete installation.

 

FortiClient Telemetry Connection

FortiClient Telemetry Connection

In managed mode, FortiClient uses a gateway IP address to connect FortiClient Telemetry to FortiGate or FortiClient EMS. For more information, see Telemetry Gateway IP Lists on page 31.

How FortiClient locates FortiGate/EMS

FortiClient uses the following methods in the following order to automatically locate FortiGate/EMS for Telemetry connection:

  • Telemetry Gateway IP List

FortiClient Telemetry searches for IP addresses in its subnet in the Gateway IP list. It connects to the FortiGate in the list that is also in the same subnet as the host system.

If FortiClient cannot find any FortiGates in its subnet, it will attempt to connect to the first reachable FortiGate in the list, starting from the top. The order of the list is maintained as it was configured in the Gateway IP list.

  • Remembered gateway IP list

You can configure FortiClient to remember gateway IP addresses when you connect Telemetry to

FortiGate/EMS. Later FortiClient can use the remembered IP addresses to automatically connect Telemetry to FortiGate/EMS.

  • Default gateway IP address

The default gateway IP address is specified on the FortiClient endpoint and is used to automatically connect to FortiGate. This method does not support connection to EMS.

FortiClient obtains the default gateway IP address from the operating system on the endpoint device. The default gateway IP address of the endpoint device should be the IP address for the FortiGate interface with Telemetry enabled.

If FortiClient is unable to automatically locate a FortiGate/EMS on the network for Telemetry connection, you can use the following methods to manually connect Telemetry to FortiGate/EMS: l Type the gateway IP address of FortiGate/EMS. See Connect FortiClient Telemetry manually on page 54.

FortiClient uses the same process to connect Telemetry to FortiGate/EMS after the FortiClient endpoint reboots, rejoins the network, or encounters a network change.

Telemetry Connection                                  Connect FortiClient Telemetry after installation

Connect FortiClient Telemetry after installation

After FortiClient software installation completes on an endpoint, FortiClient automatically launches and searches for a FortiGate or FortiClient EMS for FortiClient Telemetry connection. See also How FortiClient locates FortiGate/EMS on page 51.

When FortiClient locates a FortiGate or EMS, the FortiGate Detected or Enterprise Management Server (EMS) Detected dialog box is displayed.

The following options are availble:

Endpoint User Displays the name of the endpoint user that is logged into the endpoint device.
Logged into Domain Displays the name of domain if applicable.
Hostname Displays the name of the endpoint device.
Profile Details Click to display details of the profile that FortiClient will download after you accept connection to FortiGate/EMS. See also FortiClient profiles on page 29.
Remember this FortiGate Select for FortiClient to remember the gateway IP address of the

FortiGate/EMS to which you are connecting Telemetry. See also Remember gateway IP addresses on page 52.

Click Accept to connect FortiClient Telemetry to the identified FortiGate/EMS. Alternately, you can click Cancel to launch FortiClient software without connecting FortiClient Telemetry. FortiClient launches in standalone mode. You can manually connect FortiClient Telemetry later.

After FortiClient Telemetry is connected to FortiGate or EMS, FortiClient downloads a profile from FortiGate/EMS. A system tray bubble message will be displayed once the profile download is complete.

Remember gateway IP addresses

When you confirm Telemetry connection to a FortiGate/EMS, you can instruct FortiClient to remember the gateway IP address of the FortiGate/EMS. If a connection key is required, FortiClient remembers the connection password too. FortiClient can remember up to 20 gateway IP addresses for FortiGate/EMS. 52

Remember gateway IP addresses                                                           FortiClient Telemetry Connection

The remembered IP addresses display in the Local Gateway IP list. FortiClient can use the remembered gateway IP addresses to automatically connect to FortiGate/EMS.

See also Forget gateway IP addresses on page 60.

To remember FortiGate/EMS:

  1. In the FortiGate/EMS Detected dialog box, select the Rememberthis FortiGate or Rememberthis EMS (not shown) check box.
  2. Click Accept.

FortiClient remembers the IP address and password, if applicable.

 

FortiClient Provisioning

FortiClient Provisioning

FortiClient can be installed on a standalone computer using the installation wizard or deployed to multiple Microsoft Windows systems by using Microsoft Active Directory (AD).

You can use FortiClient EMS to deply FortiClient to multiple Microsoft Windows systems. For information, see the FortiClient EMS Administration Guide.

This chapter contains the following sections:

l Install FortiClient on computers l Install FortiClient on infected systems l Install FortiClient as part of cloned disk images l Deploy FortiClient using Microsoft Active Directory servers

For information on customizing your FortiClient installation, see Custom FortiClient Installations.

Download FortiClient installation files

The FortiClient installation files can be downloaded from the following sites:

Requires a support account with a valid support contract. Download either the Microsoft Windows (32-bit/64bit) or the Mac OS X installation file.

Download the FortiClient online installation file. The installer file performs a virus and malware scan of the target system prior to installing FortiClient.

Download the FortiClient online installation file. On this page you can download the latest version of FortiClient for Microsoft Windows and Mac OS X, and link to the iOS, and Android versions.

Install FortiClient on computers

The following section describes how to install FortiClient on a computer that is running a Microsoft Windows or Apple Mac operating system.

Microsoft Windows computer

The following instructions will guide you though the installation of FortiClient on a Microsoft Windows computer. For more information, see the FortiClient (Windows)Release Notes.

When installing FortiClient, it is recommended to use the FortiClientOnlineInstaller file. This file will launch the FortiClient Virus Cleaner which will scan the target system prior to installing the FortiClient application.

Install                        on computers

To check the digital signature of FortiClient, right-click on the installation file and select Properties. In this menu you can set file attributes, run the compatibility troubleshooter, view the digital signature and certificate, install the certificate, set file permissions, and view file details.

To install FortiClient (Windows):

  1. Double-click the FortiClient executable file. The Setup Wizard

When using the FortiClient Online Installer file, the FortiClient Virus Cleaner will run before launching the Setup Wizard.

If a virus is found that prevents the infected system from downloading the new FortiClient package, see Install FortiClient on infected systems on page 47.

  1. In the Welcome screen, read the license agreement, select the Yes, I have read and accept the license checkbox, and select Next to continue. The Choose Setup Type screen is displayed.

You can read the license agreement by clicking the License Agreement button. You have the option to print the EULA in this License Agreement screen.

  1. Select one of the following setup types:

l Complete: All Endpoint Security and VPN components will be installed. l VPN Only: Only VPN components (IPsec and SSL) will be installed.

Install FortiClient on computers

  1. Select Next to continue. The Destination Folder screen is displayed.
  2. Select Change to choose an alternate folder destination for installation.
  3. Select Next to continue.

FortiClient will search the target system for other installed antivirus software. If found, FortiClient will display the Conflicting Antivirus Software page. You can either exit the current installation and uninstall the antivirus software, disable the antivirus feature of the conflicting software, or continue with the installation with FortiClient real-time protection disabled.

This dialog box is displayed during a new installation of FortiClient and when upgrading from an older version of FortiClient, which does not have the antivirus feature installed.

It is recommended to uninstall the conflicting antivirus software before installing FortiClient or enabling the antivirus real-time protection feature. Alternatively, you can disable the antivirus feature of the conflicting software.

  1. Select Next to continue.
  2. Select Install to begin the installation.
  3. Select Finish to exit the FortiClient Setup Wizard.

On a new FortiClient installation, you do not need to reboot your system. When upgrading the FortiClient version, you must restart your system for the configuration changes made to FortiClient to take effect. Select Yes to restart your system now, or select No to manually restart later.

FortiClient will update signatures and components from the FortiGuard Distribution Network (FDN).

  1. FortiClient will attempt to connect FortiClient Telemetry to the FortiGate.

If the FortiGate cannot be located on the network, manually connect FortiClient Telemetry. See Connect FortiClient Telemetry manually on page 54.

  1. To launch FortiClient, double-click the desktop shortcut icon.

Microsoft Server

You can install FortiClient on a Microsoft Windows Server 2008 R2, 2012, or 2012 R2 server. You can use the regular FortiClient Windows image for Server installations.

Please refer to the Microsoft knowledge base for caveats on installing antivirus software in a server environment. See the Microsoft Anti-Virus exclusion list: http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virusexclusion-list.aspx

Install                        on infected systems

Mac OS X computer

The following instructions will guide you though the installation of FortiClient on a Mac OS X computer. For more information, see the FortiClient (Mac OS X)Release Notes.

To install FortiClient (Mac OS X):

  1. Double-click the FortiClient .dmg installer file to launch the FortiClient installer. The FortiClient Installer will install FortiClient on your computer. Select Continue.
  2. Select the lock icon in the upper right corner to view certificate details.
  3. Read the Software License Agreement and select Continue. You have the option to print or save the Software Agreement in this window. You will be prompted to Agree with the terms of the license agreement.
  4. Select the destination folder for the installation.
  5. Select Install to perform a standard installation on this computer. You can change the install location from this screen.
  6. Depending on your system, you may be prompted to enter your system password.
  7. After the installation completes successfully, select Close to exit the installer.
  8. FortiClient has been saved to the Applications
  9. Double-click the FortiClient icon to launch the application. The application console loads to your desktop. Select the lock icon in the FortiClient console to make changes to the FortiClient configuration.

Install FortiClient on infected systems

The FortiClient installer always runs a quick antivirus scan on the target host system before proceeding with the complete installation. If the system is clean, installation proceeds as usual.

Any virus found during this step is quarantined before installation continues.

In case a virus on an infected system prevents downloading of the new FortiClient package, use the following process:

Install FortiClient as part of cloned disk images

  • Boot into “safe mode with networking” (which is required for the FortiClient installer to download the latest signature packages from the Fortinet Distribution Network).
  • Run the FortiClient installer.

This scans the entire file system. A log file is generated in the logs sub-directory. If a virus is found, it will be quarantined. When complete, reboot back into normal mode and run the FortiClient installer to complete the installation.

Microsoft Windows will not allow FortiClient installation to complete in safe mode. An error message will be generated. It is necessary to reboot back into normal mode to complete the installation.