FortiClient Endpoint Security

Endpoint Security Software
Suite for PCs and Laptops
••••••••••••••••••
••••••••••••••••••
FortiClient™
Datasheet
Modular Security Client for PC and Mobile Endpoints
Personal computer (PC) desktop and laptop devices have empowered today’s business users with the capability to access enterprise applications
and mission critical data both in the office and on the road. While expanding productivity, remote access to the secure network perimeter increases
security risk. Unfortunately, all devices are exposed to blended threats such as viruses, trojans, worms, spyware, keyloggers, botnets, spam and
Internet attack. While utilizing network security architectures that isolate segments from one another can mitigate infection or breach, PCs within
the same subnet can still potentially infect one another.
Users may inadvertently circumvent policy by bringing in portable storage devices, failing to keep antivirus signatures up-to-date, or even disabling
personal firewall protection. Users accessing inappropriate and dangerous web content jeopardize device integrity, negatively impact productivity
and create security and legal exposure. While point product security technology, such as antivirus agents, are available to protect devices from
certain threats, such methods fall short from comprehensively protecting against blended threats and do not enforce content access guidelines.
FortiClient offers the full range of Fortinet threat protection to PCs and laptops, even when being used on insecure public networks. This
comprehensive, modular protection suite secures desktops against viruses, trojans, worms and more. The FortiClient product is a client-based
software solution designed to be used in connection with our FortiGate appliances to provide security features like Endpoint Control and WAN
Optimization for enterprise computers. The feature set includes VPN (IPSec and SSL), antivirus/antispyware, personal firewall, Web filtering, and
antispam – each with separate modular installs to completely avoid any potential conflicts with other security software. Powered by FortiGuard
security services, FortiClient has access to constantly-updated protection on a real-time basis against current and emerging threats.
Features and Benefits
.
FortiClient Console
Endpoint Control
Ties into your FortiGate appliance to monitor and enforce endpoint security
policy at the network firewall, including FortiClient version enforcement,
ensuring signatures are up-to-date and personal firewall is enabled.
Application Detection
Extends Endpoint Control to allow admins to detect if endpoints run applications against security policy and automates denial of network access.
Endpoint Management
Ties into your FortiManager appliance to discover, deploy, update and
monitor clients on the network. Ties into your FortiAnalyzer appliance for
advanced reporting that leverages FortiClient logs.
Secure IPSec VPN Client
Empowers mobile laptops and remote desktops with the capability to access enterprise applications securely with DES / 3DES encryption.
SSL VPN Tunnel Client
Connects securely from anywhere for remote access to web applications
behind the firewall, protecting confidential communications.
WAN Optimization
Speeds services like VPN for remote PC connections over the WAN.
Antivirus & Antispyware
Provides comprehensive protection against viruses, spyware, keyloggers,
Trojans, adware and grayware on the client, with updates by FortiGuard.
Powerful Personal Firewall
Monitors network traffic and enforces the appropriate application access
control in your security policies.
Web Filtering
Provides real-time web content access enforcement to ensure compliance.
Advanced Antispam
Built in antispam that incorporates into MS Outlook to reduce unsolicited
emails, email-borne viruses and phishing attempts.
Blended Threats and Compliance Requirements
As Internet attack sophistication increases with blended threats, an endpoint security solution that reflects that sophistication makes sense. An
integrated protection suite including antispam, Web filtering, antivirus and firewall provides advanced protection against multi-vector attacks that
may include email, Web and trojans that attempt to open network connections through a backdoor. With breach incidents affecting the bottom line,
government and industry regulators are looking at endpoint security. Payment Card Industry (PCI) requirement 1.4 specifies installation of personal
firewall software on mobile and employee-owned computers. HIPA A healthcare EPHI safeguards address protection from malicious software.
FortiClient Deployment ScenariosFortinet Security Framework
FortiClient plays an important role in completing most
any FortiGate installation. This advanced endpoint
protection solution helps close potential security gaps
in network architecture, strengthening your security
posture by adding an essential layer of protection to
PCs and laptops connecting from the LAN or from offsite remote locations. FortiClient provides integration
with FortiGate, FortiManager and FortiAnalyzer.
FortiGate
FortiClient
FortiWifi
FortiManager
FortiAnalyzer
FortiClient
Enhances FortiGate Endpoint Control
WAN Optimization
FortiGate users benefit from endpoint control,
enforcing a policy based approach to FortiClient use.
•
•
•
Endpoint Control with Application Detection
VPN (IPSec and SSL)
WAN Optimization
In compliance
with policy thru
VPN tunnel
Outdated version
of FortiClient
Outdated AV
signatures on
FortiClient
FortiGate
Running
application that
violates policy
FortiClient
Eases Deployment with FortiManager
FortiManager users benefit from streamlined
FortiClient deployment and centralized management.
•
•
•
Bulk Deployments of FortiClient Updates
Auto Discovery of New ForitClients
Set Management Events and Alerts
FortiClient update
deployments
Auto discover
FortiClients on
the network
FortiManager
Schedule alerts,
management
events, update
FortiClient
Integrates with FortiAnalyzer Reporting
FortiAnalyzer users benefit from FortiClient log capture
for integrated endpoint reporting and analysis.
•
•
•
Endpoint Security Reports
Automate Report Scheduling
Vulnerability Analysis
FortiClient Logs
FortiManager
Capture
FortiClient logs
for reporting
Modular Installation and Targeted Scanning
Avoids Potential Security Conflicts
FortiClient includes a modular installation feature to avoid potential
conflicts with other client security. Preserve existing client security
investments while leveraging additional client security features.
Administrators can pick and choose. FortiClient offers a number of
tools to manage multi-client installations with FortiManager.
•
•
•
•
•
Install FortiClient using Active Directory Server
Create a network installer image
Install FortiClient as part of a cloned disk image
Install FortiClient on Citrix Server for web filtering
Create a Custom Installation Package with FCRepackager (included)
Targeted Scanning
FortiClient also can target scanning for faster scan times, including
exclusion of Exchange or SQL Server filesystem files and extensions.
FortiClient Editions
Fortinet offers FortiClient in two editions: a standard edition for small business and consumers, and a premium edition for mid-sized enterprises and
other large organizations. Both editions can be used either as a stand-alone product, or in combination with FortiGate and other Fortinet products.
The premium edition includes antispam, enables central management with FortiManager, and comes with Enhanced Support.
Comparison
FortiClient Standard Edition
FortiClient Premium Edition
Antivirus/Antispyware....................................... Yes.................................................................... Yes.....................................................................
Personal Firewall.............................................. Yes.................................................................... Yes.....................................................................
VPN (SSL and IPSec)......................................... Yes.................................................................... Yes.....................................................................
Web Content Filter............................................ Yes.................................................................... Yes.....................................................................
FortiGuard updates........................................... Yes.................................................................... Yes.....................................................................
Endpoint Control w/ Application Detection*...... Yes.................................................................... Yes.....................................................................
WAN Optimization*............................................ Yes.................................................................... Yes.....................................................................
Antispam........................................................... No..................................................................... Yes.....................................................................
Extended Signature Database Updates............. No..................................................................... Yes.....................................................................
Logging............................................................. No..................................................................... Yes.....................................................................
Central Management**..................................... No..................................................................... Yes.....................................................................
Enhanced Support............................................ No..................................................................... Yes.....................................................................
* Required FortiGate
** Required FortiManager
FortiClient Features
FortiClient supports the following features:
Central management of
devices using FortiManager system
Provides enforcement of security policies and configuration lock down of devices with a password
override feature available. Bulk installs via Windows Installer script feature for FortiClient.
Local antivirus, antispam
and Web content filtering
signature updates
FortiManager’s Update Manager provides local hosting and deployment of FortiGuard Security
Subscription Services for FortiClient. FortiGuard updates include antivirus/antispyware, web content
filtering, application detection and antispam.
Single security agent
available in two modes
Flexible product
packaging
FortiClient supports a “suite” mode which includes the complete security feature set. FortiClient also
supports a “modular” install that lets you install only what you need.
FortiClient is available in enterprise bundles at volume pricing levels based on quantity and level of
support services. Fortinet provides a complete multi-layered suite of endpoint security features in
FortiClient at the price point of traditional single antivirus security agents.
Centralized Policy Management
Fortinet’s management system makes
deployment, configuration and policy
control quick and easy.
Deployment Scalability
FortiClient deployments can scale to an
unlimited number of devices and receive
security subscription updates from the
FortiGuard update service or from the
FortiManager system.
Low Total Cost of Ownership
Unlike point product agents that provide a
single security feature, FortiClient is a true
unified security agent that bundles all the
necessary capabilities into a single low cost
and easy to manage application.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
TECHNICAL SPECIFICATIONS AND FEATURES
GENERAL
Endpoint Control with Application Detection
Anti-Leak Banned Word List
Desktop Antivirus
Remote VPN Client
WAN Optimization Client
Personal Firewall
Antivirus Scanning / Cleaning
Quarantine Infected Files
Registry Monitoring
User-Definable File Types for Scanning
Scans Compressed Files
Scheduled Scanning
Antivirus and Spyware Scanning
Manual and Scheduled Updates
Antivirus Logs
PERSONAL FIREWALL
Configurable Network Security Zones
Intrusion Prevention
Advanced Firewall Rules
Security Levels: Low, Medium, and High
Application Access Control
Intrusion Blocking
Zone-Based Traffic Control
Active Connection Monitor
SSL VPN
IKE Negotiation
Retrieve Dropped Connections
VPN Monitor
Policy Compliancy Tool
WEB CONTENT FILTERING
Multiple Categories
HTTPS Site Inspection/Blocking
Password Protected Config
Customizable Block Profiles
Predefined Usage Profiles for Adults and Children
User Definable Block / Bypass List
Continuously Updated Database
ANTISPAM
Customizeable Banned Word List
Customizeable Black/White List
Continuously Updated Database
Automatic Submission of MIS-Rated Emails
CRYPTOGRAPHY
3DES And DES
SHA-1 And MD5
AES (128, 192, 256-Bit)
PKI
PKCS #7 Certificate Chains
PKCS #12 Certificate Import
CENTRALIZED MANAGEMENT
Client Version and Status Monitoring
Update Server Override
Central Logging and Reporting
Configuration Lockdown
Group Configurations
USER AUTHENTICATION
Extended Authentication (XAUTH)
Management, Logging, and Monitoring
Searchable VPN Logs
VPN Tunnel Diagnostics Test
VPN Connection Monitor
Packet Logs
ANTIVIRUS / ANTISPYWARE
Configurable File Types to Scan Including Files with No
Extension
Manual Scan
Real-time Protection
Automatic Submission of Suspicious Files to Fortinet
Notification Virus Signature is Out of Date
Email Scanning Incoming and Outgoing Including Attachments
Heuristics Scanning
Virus File Quarantine
IPSEC VPN
Autokey IKE (Preshared) / Authkey IKE Certificate
ESP and AH
NAT Traversal
Main and Aggressive Mode IKE
Redundant Gateway Support
DHCP over IPSec
Manual Virtual IP
Multiple Remote Networks
VPN Policy Retrieval from FortiGate® Unit
Dead Peer Detection
Simplified Configuration Process
Split Tunneling
SYSTEM REQUIREMENTS
To install FortiClient you need:
Pentium processor or equivalent
Compatible operating system and minimum RAM:
• Microsoft Windows 2000: 128 MB
• Microsoft Windows XP 32-bit and 64-bit: 256 MB
• Microsoft Windows Server 2003 32-bit and 64-bit: 384 MB
• Microsoft Windows Server 2008 32-bit and 64-bit: 512 MB
• Microsoft Windows Vista 32-bit and 64-bit: 512 MB
• Microsoft Windows 7 32-bit and 64-bit: 512 MB
Compatible email application for the AntiSpam feature:
• Microsoft Outlook 2000 or later
• Microsoft Outlook Express 2000 or later
Compatible email application for the AntiLeak feature:
• Microsoft Outlook 2000 or later
100 MB hard disk space
Native Microsoft TCP/IP communications protocol
Native Microsoft PPP dialer for dial-up connections
Ethernet connection
LANGUAGE SUPPORT
English
French
Japanese
Korean
Simplified Chinese
Slovak
FortiGuard® Subscription Services
Includes:
• A utomatic updates from over 50 redundant high-speed database servers around the globe.
• C omplete Wildlist virus protection for over 30,000 active viruses from FortiGuard’s active database.
• R eal-time signature updates for protection against over 5,100 threats.
• 7 7 rated Web categories for more accurate Web content filtering.
• W eb filtering for more than 47 million URLs with more than 70 languages supported.
FortiCare® Subscription Services
ƒƒ
ƒƒ
8x5 Enhance Support (Optional)
Premium Support (Optional)
ƒƒ
ƒƒ
24x7 Comprehensive Support (Optional)
Professional Services (Optional)
ƒƒ
90-Day Limited Software Warranty
About Fortinet (www.fortinet.com)
Fortinet is a leading provider of network security appliances and the market leader in Unified Threat Management or UTM. Fortinet solutions were built from the ground up to
integrate multiple levels of security protection -- including firewall, VPN, antivirus, intrusion prevention, Web filtering, spyware prevention and antispam -- designed to help
customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that
scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the
only security products that are certified in five programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, Network IPS and Antispam. Fortinet is based in Sunnyvale, California.
Global Headquarters
Fortinet Incorporated
1090 Kifer Road, Sunnyvale, CA 94086 USA
Tel +1-408-235-7700
Fax +1-408-235-7737
www.fortinet.com/sales
EMEA Sales Office-France
Fortinet Incorporated
120 rue Albert Caquot
06560, Sophia Antipolis, France
Tel +33-4-8987-0510
Fax +33-4-8987-0501
APAC Sales Office-SINGAPORE
Fortinet Incorporated
61 Robinson Road
#09-04 Robinson Centre
Singapore 068893
Tel: +65-6513-3730
Fax: +65-6223-6784
Copyright© 2009 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may
affect performance results, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the identified product will perform
according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet
reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No.
5,623,600.
FTC-4.1-DAT-R1-0909
Open as PDF
Similar pages