Call a Specialist Today! 800-886-5787 Free Shipping! Free Shipping!

Fortinet FortiClient
Fabric Agent for Visibility, Control, and ZTNA

 

FortiClient is a Fabric Agent that delivers protection, compliance, and secure access in a single, modular lightweight client. A Fabric Agent is a bit of endpoint software that runs on an endpoint, such as a laptop or mobile device, that communicates with the Fortinet Security Fabric to provide information, visibility, and control to that device. It also enables secure, remote connectivity to the Security Fabric.



The FortiClient Fabric Agent can:

  • Report to the Security Fabric on the status of a device, including applications running and firmware version.
  • Enable the device to connect securely to the Security Fabric over either VPN (SSL or IPsec) or ZTNA tunnels, both encrypted. The connection to the Security Fabric can either be a FortiGate Next-generation Firewall or SASE service.
  • Send any suspicious files to a Fabric Sandbox.
  • Enforce application control, USB control, URL filtering, and firmware upgrade policies.
  • Apply CASB controls to users accessing cloud-based applications.
  • Provide malware protection and application firewall service.

FortiClient Product Details

FortiClient can be purchased with three levels of capability: Zero Trust Security, Endpoint Security, and Cloud-based Endpoint Security.



FortiClient’s Fortinet Security Fabric integration provides endpoint visibility through telemetry and ensures that all Security Fabric components – FortiGate, FortiAnalyzer, EMS, managed APs, managed Switches, and FortiSandbox – have a unified view of endpoints in order to provide tracking and awareness, compliance enforcement, and reporting. Traditional virtual private network (VPN) tunnels or new, automatic ZTNA tunnels provide secure remote connectivity. Provide security and protection for endpoints when local or remote.

  • Unified Endpoint features including compliance, protection, and secure access into a single modular lightweight client.
  • Universal ZTNA, with automatic, encrypted tunnels for controlled validated per-session access to applications.
  • Advanced Threat Protection against exploits and advanced malware, powered by FortiGuard along with FortiSandbox integration.
  • Simplified Management and Policy Enforcement with FortiClient EMS, FortiClient Cloud, and FortiGate.

Central Management Tools

  • Simple and user-friendly UI
  • Remote FortiClient deployment
  • Real-time dashboard
  • Software inventory management
  • Active Directory (AD) integration
  • Central quarantine management
  • Automatic group assignment
  • Dynamic access control
  • Automatic email alerts
  • Supports custom groups
  • Remote triggers
  • On-premise and cloud-based options

Features & Benefits



ZTNA

Delivers better REMOTE ACCESS and consistent application access policies



FABRIC AGENT

Provides telemetry information and leverages integrations to the rest of the Fortinet SECURITY FABRIC


WEB FILTERING

Provides web security and CONTENT FILTERING




SOFTWARE INVENTORY MANAGEMENT

Enables visibility and license management



CASB

Control access to cloud-based applications, including visibility to shadow IT


AUTOMATED RESPONSE

Detects and isolates compromised endpoints



Bundles:


FORTICLIENT EDITION VPN / ZTNA EPP / APT MANAGED SERVICES
Zero Trust Security
Zero Trust Network Access (ZTNA)
Central Management using FortiClient Cloud
Central Logging and Reporting
SSL VPN with MFA
IPsec VPN with MFA
SSO Mobillity Agent
CASB (Inline and API)
IT Hygience
Vulnerability Agent and Remediation
FortiGuard Web Filtering
USB Device Control  
Endpoint Security (EPP)
FortiSandbox (On Premise or PaaS)  
FortiClient Cloud Sandbox  
AI-powered NGAV  
Automated Endpoint Quarantine  
Ransomware Protection  
Managed FortiClient Service
Endpoint Onboarding    
Initial Provisioning    
Security Fabric Setup/Integrationg    
Vulnerability Monitoring    
Endpoint Security Monitoring    
Additional Services
Best Practice Service (BPS) Consultation Account add-on Account add-on N/A
Forensic Analysis Service (FAS) Account add-on Account add-on Account add-on
24x7 Support
On-Premise/Air Gap Option  

Services:

FortiClient Managed Services

To assist and offload busy IT teams, Fortinet is offering FortiClient Managed services to streamline the configuration, deployment, and monitoring of FortiClient agents. Services included with this offering include the following.

  • Initial FortiClient Cloud provisioning: The managed services team works with customers to set up and configure their FortiClient Cloud environment for the following capabilities
    • Endpoint groups setup
    • ZTNA
    • VPN
    • Endpoint security
    • Vulnerability management
    • Security profiles and policies configuration
    • Endpoint posture check rules
    • Custom FortiClient installer creation and ongoing installer updates
  • Endpoint onboarding: The managed services team creates customer FortiClient installers for customerspecific use cases, sends invitation emails to users, and onboards them for FortiClient Cloud management and provisioning.
  • Security Fabric setup and integration: The managed services team integrates FortiClient Cloud with the Fortinet Security Fabric to support uses cases such as ZTNA, incidence response, and automation.
  • Endpoint vulnerability monitoring: The managed services team monitors customer endpoints to identify high risk endpoints and alert them of endpoints with critical and high vulnerabilities that would be easy targets for cyber attacks. The managed services team detects, reports, and guides customers to remediate those vulnerable endpoints.

Best Practice Service (BPS)

FortiClient Best Practices Service is an account-based annual subscription providing access to a specialized team that delivers remote guidance on deployment, upgrades, and operations. The service allows customers to share information about their deployment, user requirements, resources, and other related items. Based on the information provided, the BPS experts can provide recommended best practices, sample code, links to tools, and other materials or assistance to speed adoption and guide the customer towards best practice deployments. The team does not log into customer devices to make changes for them. This is a consulting and guidance service which may include sample configurations or playbooks. This is not an on-site professional services offer.

FortiClient Forensics Analysis Service

FortiClient Forensic Service provides analysis to help endpoint customers respond to and recover from cyber incidents. For each engagement, forensic analysts from Fortinet’s FortiGuard Labs will assist in the collection, examination, and presentation of digital evidence, including a final, detailed report. FortiClient subscriptions that include Forensic Services entitle the customer to call on these endpoint forensic experts whenever an event happens, offloading internal teams and accelerating investigations by analysts deeply familiar with the tools of endpoint security. Forensics Analysis Service is only available for cloud-hosted EMS deployments.

Fortinet CASB Service

To safely embrace the cloud, a Cloud Access Security Broker (CASB) can act as a gatekeeper by providing visibility, control, and protection to allow organizations to extend their security policies beyond their own infrastructure. CASB sits between cloud service users and cloud applications, monitors all activity, and enforces security policies. Fortinet’s dual mode solution provides security, scalability, and performance using both Inline and API-based CASB protections to address all cloud security needs. A FortiClient license enables Inline CASB services on a FortiGate and provides a license for FortiCASB, Fortinet’s API-based CASB service.

Feature Highlights:

Software Inventory Management

provides visibility into installed software applications and license management to improve security hygiene. You can use inventory information to detect and remove unnecessary or outdated applications that might have vulnerabilities to reduce your attack surface.

Windows AD Integration

helps sync organizations’ AD structure into the central management tools so that you use the same organizational units from your AD server for simplified endpoint management.

Real-time Endpoint Status

always provides current information on endpoint activity and security events.

Vulnerability Dashboard

helps manage organizations attack surface. All vulnerable endpoints are easily identified for administrative action.

Centralized FortiClient Deployment and Provisioning

that allows administrators to remotely deploy endpoint software and perform controlled upgrades. Makes deploying FortiClient configuration to thousands of clients an effortless task with a click of a button.

FortiSandbox integrations

assist with configuration and suspicious file analysis. Sandbox settings are synchronized across managed endpoints, simplifying setup. A detailed analysis of FortiClient submitted files is available in the central management tools. Administrators can see all the behavior activity of a file, including graphic visualization of the full process tree.

Telemetry

provides real-time endpoint visibility (including user avatar) on FortiGate console so administrators can get a comprehensive view of the whole network. Telemetry also ensures that all fabric components have a unified view of the endpoints.

Dynamic Access Control for Compliance Enforcement

requires EMS to create virtual groups based on endpoint security posture. These virtual groups are then retrieved by FortiGate and used in firewall policy for dynamic access control. Dynamic groups help automate and simplify compliance to security policies.

Endpoint Quarantine

helps to quickly disconnect a compromised endpoint from the network and stop it from infecting other assets.

Automated Response

helps detect and isolate suspicious or compromised endpoints without manual intervention.

Application-based Split Tunnel

supports source applicationbased split tunnel, where you can specify application traffic to exclude from the VPN tunnel, such as high bandwidth apps.

Web Filtering with Keyword Search / YouTube Filters

blocks web pages containing words or patterns that you specify as well as limit users’ access by blocking or only allowing specified YouTube channels.

Software Specifications:


  Windows MAC OS Android iOS Chromebook Linux
Zero Trust Security
Endpoint Telemetry
Compliance Enforcement Using Dynamic Access Control  
Endpoint Audit and Remediation with Vulnerability Scanning      
Remote Logging and Reporting  
IPSec VPN      
SSL VPN  
ZTNA Remote Accesss      
Windows AD SSO Agent        
USB Device Control        
Endpoint Security
Antivirus      
Cloud-based Threat Detection        
Sandbox (on-prem)      
Sandbox (cloud-based)        
Automated Endpoint Quarantine        
Web Filter  
AntiExploit          
Application Firewall        

Use Cases:

FortiClient is more than just an advanced endpoint protection solution with a built-in VPN client. It connects the endpoint with the Security Fabric and delivers integrated endpoint and network security. With the modular design, users can deploy FortiClient for some or all of the use cases.

Security Fabric Integration

Endpoint Visibility and Compliance Control

FortiClient ensures endpoint visibility and compliance throughout the Security Fabric and integrates endpoint and network security with automation and segmentation. FortiClient shares endpoint telemetry with the Security Fabric, enabling unified endpoint awareness.

In addition, it is also compatible with third-party anti-malware or endpoint detection and response (EDR) solutions.


Secure Remote Access (VPN, ZTNA)

Ensure secure remote access with always-on, SSL/IPsec VPN that supports network segmentation, conditional admission, and integrates with FortiAuthenticator for single sign on, and multi-factor authentication.



Traditional VPN

ZTNA Application Access

Endpoint Hardening

99% of the vulnerabilities exploited continue to be ones known by security and IT at the time of the incident. FortiClient enables vulnerability scanning with automated patching, software inventory, and application firewall to help reduce the attack surface and boost overall security hygiene.

As part of the telemetry shared throughout the Security Fabric, endpoint vulnerability information allows network security operations teams to take additional measures, such as dynamic access control, to help secure the environment.


The FortiClient vulnerability dashboard delivers detailed information including category, severity, and can pinpoint the affected endpoints.


Advanced Endpoint Protection

Secure endpoints with machine learning antimalware and behavioral-based anti-exploit.  Sandbox integrations detect advanced threats, customer malware, and script-based, file-less attacks. Application firewall, intrusion prevention system (IPS), botnet protection, and web content filtering provides additional layers of protection.

FortiClient also natively integrates with FortiSandbox. It can block the execution of any never-before seen file and automatically submit them to the sandbox for real-time analysis. Real-time threat intelligence from FortiSandbox is instantly shared across the enterprise to all endpoints.


The FortiClient endpoint management console shows detailed analysis from FortiSandbox.

Documentation:

Download the Fortinet FortiClient Datasheet (PDF).