Created on 06-14-2007 12:00 AM
Description | You can use the FortiClient Host Security application to provide
individualized web filtering for users of Citrix or Windows Terminal Server
on Windows networks. This article provides notes about installing the FortiClient application and configuring FortiGate firewall policies in this environment. |
Components |
|
Installation on Windows Terminal Server | On a single Windows Terminal Server, the standard FortiClient installation works as expected, allowing filtering policies to be created for both local and domain users. If you want to install the FortiClient application on multiple terminal servers with the same FortiClient configuration, there are two ways to easily propagate the configuration to all terminal servers:
or
|
Installation on Citrix Presentation Server | When installing the FortiClient application, select the Custom installation option and make sure that you do not install the VPN feature. Citrix uses the Windows IPsec service, which the FortiClient VPN would disable. After installing the FortiClient application, restart the Citrix server. This resolves the problem that the FortiClient installation can cause the Citrix console to lose communication with the server. |
FortiGate configuration | The FortiGate unit cannot authenticate Citrix or Windows Terminal Services users because it sees only the IP address of the terminal. These users are, however, authenticated by the Windows network when they log on. Configure firewall policies as needed to permit the Citrix Server or Windows Terminal Server to access the Internet. These policies must
|
Operation | When the user logs on to the Citrix or Windows Terminal Server, a FortiClient application instance starts and runs for the duration of the user's session. FortiClient web filtering applies the web filtering profile defined for that user. If the user is logged on via Citrix, the remote FortiClient application's icon appears in the user's system tray. If the user's computer also has FortiClient installed locally, two FortiClient icons are visible. The remote FortiClient application's console pertains to the user’s environment on the server, with the user’s local drives appearing to the anti-virus component as network drives (C$, etc.). |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.