Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Somashekara_Hanumant
Staff
Staff

Created on ‎05-26-2015 03:18 AM Edited on ‎06-06-2022 01:17 PM By Anonymous

Article Id 198630

Technical Tip: How to prevent users from unregistering FortiClient from their systems

Description

This article explains how an administrator can prevent users from unregistering FortiClient from their systems.

 

Scope

FortiClient


Solution

Users should register FortiClient with their gateway FortiGate unit. On the FortiGate it is necessary to configure respective webfilter profile to push for FortiClient. Then configure the endpoint client profile as below:

# config endpoint-control profile
    edit "test_profie"
            config forticlient-winmac-settings
                set forticlient-application-firewall enable
                set forticlient-application-firewall-list "block-p2p"
                set forticlient-wf-profile "web-filter-flow"
                set forticlient-settings-lock enable
                set forticlient-settings-lock-passwd 123456
                set client-log-when-on-net enable
                set forticlient-ad enable
                set forticlient-ui-options av wf af vpn
            end
            config forticlient-android-settings
            end
            config forticlient-ios-settings
            end
        set device-groups "windows-pc"
        set user-groups "sslgrp"
    next
end
 
Register the Forticlient to FortiGate where FCT-ACCESS is enabled.
 
# config system interface
    edit "port2"
        set vdom "root"
        set ip 10.129.0.60 255.255.254.0
        set allowaccess ping https ssh http telnet
        set type physical
        set listen-forticlient-connection enable
end
 
Install the complete FortiClient application 5.2.3 on the client system.

shreddy_FD36586_tn_FD36586-1.jpg

After registering:

shreddy_FD36586_tn_FD36586-2.jpg

If the end user tries to unregister FortiClient, it will prompt for a password, if the password is not correct the end user cannot unregister the FortiClient application.

shreddy_FD36586_tn_FD36586-3.jpg

 

3449
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.