
Configuring the FortiClient Compliance Profile in FortiOS

6.0.3

You will configure a FortiClient Compliance Profile in FortiOS. FortiGate provides these compliance rules to the endpoint. In this example, you will configure the profile to do the following:

  • Block the endpoint from accessing the network if it has critical or high vulnerabilities
  • Warn the endpoint if forticlient.exe is not running. The user can acknowledge and proceed past the warning to access the network.

  1. In FortiOS, go to Security Profiles > FortiClient Compliance.
  2. Create a new profile by selecting the + icon in the upper right corner.
  3. In the Profile Name field, enter the desired profile name.
  4. In the Assign Profile To field, select the desired device groups, user groups, and users to assign the profile to. In this example, we are assigning the profile to all Android phones and Windows PCs.
  5. Configure the Vulnerability Scan compliance rule:
    1. Enable Endpoint Vulnerability Scan on FortiClient.
    2. From the Vulnerability level dropdown list, select High. This means the non-compliance action will apply to all endpoints with vulnerabilities detected as High or Critical (the only level greater than High).
    3. For the Non-compliance action, select Block.
  6. Configure the running application compliance rule:
    1. Enable System Compliance.
    2. Enable Check Running Applications.
    3. Click Create New.
    4. In the Application Name field, enter FortiClient.
    5. Ensure that Application Check Rule is set to Present.
    6. In the Process Name 1 field, enter forticlient.exe.
    7. Click OK.
  7. Click Apply.

    The compliance rule has been created. You can view it in Security Profiles > FortiClient Compliance.
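Before setting the non-compliance action to Block, it helps to estimate how many endpoints the profile would affect. The following is an added example, not Fortinet code: a small Python model of the two rules configured above, run over a constructed inventory. The severity scale below High, the case-insensitive process match, and Block taking precedence over Warn are assumptions of this sketch, and the `Endpoint`, `evaluate` and `dry_run` names are hypothetical.

```python
# Added illustration: models the two rules from this page; not FortiOS code.
from dataclasses import dataclass, field

# Assumed scale. The page only states that Critical is the one level above High.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Endpoint:
    name: str
    vuln_severities: list = field(default_factory=list)  # one entry per finding
    processes: list = field(default_factory=list)        # running process names

def evaluate(ep, vuln_threshold="high", required_process="forticlient.exe"):
    """Return (action, reasons); action is 'block', 'warn' or 'allow'."""
    action, reasons = "allow", []
    floor = SEVERITY[vuln_threshold.lower()]

    # Running-application rule (Application Check Rule = Present): warn if absent.
    # Assumption: process names are compared case-insensitively.
    running = {p.lower() for p in ep.processes}
    if required_process.lower() not in running:
        action = "warn"
        reasons.append(f"{required_process} not running")

    # Vulnerability rule: threshold High matches High and Critical findings.
    hits = {s.lower() for s in ep.vuln_severities if SEVERITY[s.lower()] >= floor}
    if hits:
        action = "block"  # assumption: block outranks warn when both rules fail
        worst = max(hits, key=SEVERITY.get)
        reasons.append(f"{len(hits)} severity level(s) at or above threshold, worst={worst}")
    return action, reasons

def dry_run(endpoints):
    """Map endpoint name -> action, to size the impact before enforcing."""
    return {ep.name: evaluate(ep)[0] for ep in endpoints}

# Constructed sample inventory (not real hosts).
SAMPLE = [
    Endpoint("win-pc-01", ["Medium"], ["FortiClient.exe", "explorer.exe"]),
    Endpoint("win-pc-02", ["Critical", "Low"], ["forticlient.exe"]),
    Endpoint("win-pc-03", [], ["explorer.exe"]),
    Endpoint("win-pc-04", ["High"], []),
]

if __name__ == "__main__":
    for ep in SAMPLE:
        action, reasons = evaluate(ep)
        print(f"{ep.name}: {action} ({'; '.join(reasons) or 'compliant'})")
```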
