Description
This article explains how an administrator can prevent users from unregistering FortiClient from their systems.
Scope
FortiClient
Solution
Users should register FortiClient with their gateway FortiGate unit. On the FortiGate, configure the web filter profile that is to be pushed to FortiClient, then configure the endpoint client profile as below:
# config endpoint-control profile
    edit "test_profie"
        config forticlient-winmac-settings
            set forticlient-application-firewall enable
            set forticlient-application-firewall-list "block-p2p"
            set forticlient-wf-profile "web-filter-flow"
            set forticlient-settings-lock enable
            set forticlient-settings-lock-passwd 123456
            set client-log-when-on-net enable
            set forticlient-ad enable
            set forticlient-ui-options av wf af vpn
        end
        config forticlient-android-settings
        end
        config forticlient-ios-settings
        end
        set device-groups "windows-pc"
        set user-groups "sslgrp"
    next
end
Register FortiClient to the FortiGate where FCT-ACCESS is enabled.
# config system interface
    edit "port2"
        set vdom "root"
        set ip 10.129.0.60 255.255.254.0
        set allowaccess ping https ssh http telnet
        set type physical
        set listen-forticlient-connection enable
end
Install the complete FortiClient application 5.2.3 on the client system.
After registering:
If the end user tries to unregister FortiClient, it will prompt for a password. If the password is not correct, the end user cannot unregister the FortiClient application.
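One way to check endpoint-control profiles for the settings lock configured above, as an added example that is not part of the original article or any Fortinet tool: the Python below parses FortiOS CLI text and flags profiles where forticlient-settings-lock is not enabled, or where the lock password is missing or is a short all-digit or common value. The sample text, the "kiosk" profile and the function names are constructed for illustration; treating an absent lock setting as not enabled, and skipping values that start with ENC as opaque, are assumptions.

```python
import re
import shlex

ROOT = ("config", "endpoint-control profile")
WINMAC = ("config", "forticlient-winmac-settings")
# Assumption: short all-digit, single repeated character, or common words count as weak.
WEAK = re.compile(r"^(\d{1,8}|(.)\2+|password|admin|fortinet)$", re.I)
# Constructed sample; "kiosk" is a hypothetical second profile with no lock configured.
SAMPLE = """
# config endpoint-control profile
edit "test_profie"
config forticlient-winmac-settings
set forticlient-settings-lock enable
set forticlient-settings-lock-passwd 123456
end
next
edit "kiosk"
next
end
"""

def parse_profiles(text):
    """Return {profile: {setting: [values]}} from each forticlient-winmac-settings block."""
    profiles, stack = {}, []
    for raw in text.splitlines():
        tok = shlex.split(raw.strip().lstrip("#")) or [""]
        kw, args = tok[0], tok[1:]
        if kw in ("config", "edit"):
            stack.append((kw, " ".join(args)))
            if kw == "edit" and stack[:-1] == [ROOT]:
                profiles[args[0]] = {}
        elif kw == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif kw == "end":
            # "end" typed inside an edit closes the edit and its enclosing config.
            while stack and stack.pop()[0] == "edit":
                pass
        elif kw == "set" and len(stack) == 3 and stack[0] == ROOT and stack[2] == WINMAC:
            profiles[stack[1][1]][args[0]] = args[1:]
    return profiles

def audit(text):
    """List (profile, finding) pairs; an absent lock setting is treated as not enabled."""
    findings = []
    for name, s in parse_profiles(text).items():
        pw = s.get("forticlient-settings-lock-passwd", [])
        if s.get("forticlient-settings-lock") != ["enable"]:
            findings.append((name, "settings lock not enabled"))
        elif not pw or (pw[0] != "ENC" and WEAK.match(pw[0])):
            findings.append((name, "lock password missing or weak"))
    return findings
```

Calling audit() on the text of a CLI script before it is applied returns an empty list only when every profile enables the lock with a password that is not flagged.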