Tag Archives: forticlient needs

Application Firewall

Application Firewall

FortiClient can recognize the traffic generated by a large number of applications. You can create rules to block or allow this traffic per category, or application.

Enable/disable Application Firewall

The administrator enables the application firewall feature by using a FortiClient profile. The FortiClient profile includes the application firewall configuration.

The FortiClient Endpoint Control feature enables the site administrator to distribute an Application Control sensor from FortiGate/EMS.

On the FortiGate, the process is as follows:

l Create an Application Sensor and Application Filter on the FortiGate, l Add the Application Sensor to the FortiClient Profile on the FortiGate.

On EMS, the application firewall is part of the endpoint profile.

For more information on configuring application control security profiles, see the FortiOS Handbook -The Complete Guide to FortiOS available in the Fortinet Document Library.

View application firewall profiles

To view the application firewall profile, select Show all.

Application Firewall                                                                                                 View blocked applications

View blocked applications

To view blocked applications, select the Applications Blocked link in the FortiClient console. This page lists all applications blocked in the past seven days, including the count and time of last occurrence.

Web Security/Web Filter

Web Security/Web Filter

Web Security/Web Filter allows you to block, allow, warn, and monitor web traffic based on URL category or custom URL filters. URL categorization is handled by the FortiGuard Distribution Network (FDN). You can create a custom URL filter exclusion list which overrides the FDN category.

When a FortiClient endpoint is connected to FortiGate/EMS, the Web Security tab becomes the Web Filter tab in the FortiClient console.

Enable/disable Web Security/Web Filter

For FortiClient in standalone mode, you can enable, disable, and configure web security by using the FortiClient console. You can define what sites are allowed, blocked, or monitored, and you can view violations.

For FortiClient in managed mode, an administrator enables, disables, and configures Web Filter by using a FortiClient profile. See FortiClient profiles on page 29.

Enable/disable Web Security

This setting can only be configured when FortiClient is in standalone mode.

To enable or disable Web Security:

  1. On the Web Security tab, toggle the Enable/Disable link in the FortiClient console. Web Security is enabled by default.

The following options are available:

Enable/Disable Select to enable or disable Web Security.

Configure Web Security profiles

X Violations (In the Last 7 Days) Select to view Web Security log entries of the violations that have occurred in the last 7 days.
Settings Select to configure the Web Security profile, exclusion list, and settings, and to view violations.

Enable/disable Web Filter

This setting can only be configured when FortiClient is in managed mode. When FortiClient is connected to a FortiGate/EMS, the Web Security tab will become the Web Filter tab.

A FortiClient profile can include a Web Filter profile from a FortiGate or EMS.

On a FortiGate device, the overall process is as follows:

l Create a Web Filter profile on the FortiGate, l Add the Web Filter profile to the FortiClient Profile on the FortiGate.

On EMS, web filtering is part of the endpoint profile.

Configure Web Security profiles

This setting can only be configured when FortiClient is in standalone mode.

You can configure a Web Security profile to allow, block, warn, or monitor web traffic based on website categories and sub-categories.

Edit Web Security exclusion lists                                                                             Web Security/Web Filter

To configure web security profiles:

  1. On the Web Filter tab, click the Settings
  2. Click a site category.
  3. Click the Action icon, and select an action in the drop-down menu.

The following actions are available:

Allow Set the category or sub-category to Allow to allow access.
Block Set the category or sub-category to Block to block access. The user will receive a Web Page Blocked message in the web browser.
Warn Set the category or sub-category to Warn to block access. The user will receive a Web Page Blocked message in the web browser. The user can select to proceed or go back to the previous web page.
Monitor Set the category or sub-category to Monitor to allow access. The site will be logged.

You can select to enable or disable Site Categories in the Web Security settings page. When site categories are disabled, FortiClient is protected by the exclusion list.

  1. Click OK.

Edit Web Security exclusion lists

This setting can only be configured when FortiClient is in standalone mode.

You can add websites to the exclusion list and set the permission to allow, block, monitor, or exempt.

Edit Web Security exclusion lists

To manage the exclusion list:

  1. On the Web Security tab, click the Settings
  2. Click the Exclusion List
  3. Click the Add icon to add URLs to the exclusion list.

If the website is part of a blocked category, an allow permission in the Exclusion List would allow the user to access the specific URL.

  1. Configure the following settings:
Exclusion List Select to exclude URLs that are explicitly blocked or allowed. Use the add icon to add URLs and the delete icon to delete URLs from the list. Select a URL and select the edit icon to edit the selection.
URL Enter a URL or IP address.
Type Select one of the following pattern types from the drop-down list:

l Simple l Wildcard l RegularExpression

Actions Select one of the following actions from the drop-down list:

Block: Block access to the web site regardless of the URL category or sub-category action.

Allow: Allow access to the web site regardless of the URL category or sub-category action.

Monitor: Allow access to the web site regardless of the URL category or sub-category action. A log message will be generated each time a matching traffic session is established.

  1. Click OK.

Configure Web Security settings                                                                             Web Security/Web Filter

Configure Web Security settings

This setting can only be configured when FortiClient is in standalone mode.

To configure web security settings:

  1. On the Web Security tab, click the Settings icon
  2. Click the Settings
  3. Configure the following settings:
Enable Site Categories Select to enable Site Categories. When site categories are disabled, FortiClient is protected by the exclusion list.
Log all URLs Select to log all URLs.
Identify user initiated web browsing Select to identify web browser that is user initiated.
  1. Click OK.

View violations

This section applies to FortiClient in standalone mode and managed mode.

To view Web Security violations:

  1. On the Web Security tab, click the Settings

Alternately, you can click the X Violations (In the Last 7 Days) link.

  1. Click the Violations

View violations

The following information is displayed.

Website The website name or IP address.
Category The website sub-category.
Time The date and time that the website was accessed.
User The name of the user generating the traffic. Hover the mouse cursor over the column to view the complete entry in the pop-up bubble message.
  1. Click Close.

 

Install FortiClient as part of cloned disk images

Install FortiClient as part of cloned disk images

If you configure computers using a cloned hard disk image, you need to remove the unique identifier from the FortiClient application. You will encounter problems with FortiGate if you deploy multiple FortiClient applications with the same identifier.

This section describes how to include a custom FortiClient installation in a cloned hard disk image but remove its unique identifier. On each computer configured with the cloned hard disk image, the FortiClient application will generate its own unique identifier the first time the computer is started.

To include a FortiClient installation in a hard disk image:

  1. Install and configure the FortiClient application to suit your requirements. You can use a standard or a customized installation package.
  2. Right-click the FortiClient icon in the system tray and select Shutdown FortiClient.
  3. From the folder where you expanded the FortiClientTools.zip file, run RemoveFCTID.exe. The RemoveFCTID tool requires administrative rights.
  4. Shut down the computer.

Do not reboot the Windows operating system on the computer before you create the hard disk image. The FortiClient identifier is created before you log on.

  1. Create the hard disk image and deploy it as needed.