© Copyright Fortinet Inc. All rights reserved.

Inside FortiOS End Point ControlVersione 5.2.4 – Mar 2015Lan & Wan Solutions – Soluzioni Informatiche per Reti Locali e Geografiche

2

FortiOS Features

3

Overview End Point Control

FortiClient Multi-OS support Support Posture Checking Support remote user and device

identification “Off-net” and Mobile Security Policy

Enforcement VPN & Security Setting Provision Custom Install and Rebranding Endpoint Logging

Ensures that workstation computers (endpoints) meet security requirements

Distribute Client Security & VPN Settings

Logs Client activities

FortiClient

V5.2

4

FortiClient V5.2 End Point Control

Windows Mac OSX iOS AndroidIPSec VPN ✓ ✓ - ✓SSL VPN ✓ ✓ Web Mode Only ✓2FA ✓ ✓ ✓ ✓Anti-Virus ✓ ✓ - -

Web Filtering ✓ ✓ ✓ ✓WAN Optimization ✓ - - -

Registered for Central Management

Config Provisioning ✓ ✓ ✓ ✓Logging (to FMGR/FAZ) ✓ ✓ - -

Windows AD SSO Agent ✓ ✓ - -

Application Firewall ✓ ✓ - -

Vulnerability Scanning & Reporting ✓ ✓ - -

5

Posture Checking

Enforcement Captive Portal Check for install and

running of FortiClient Replacement page with

download and installation instruction

End Point Control

V5.2

6

Mobile Security End Point Control

INTERNET

LAN

OFF

ON

• FortiClient enrolls into the FortiGate and then receives its end point policy

• FortiClient uses last known security policies & VPN Configurations

Configuration Provisioning Provides consistent end point

security policies “on-net” and “off-net”

Reuse *Application Control & Web Filter Profiles

1

2

* Application control config for Windows and OS X only

7

Mobile Security End Point Control

INTERNET

LAN

OFF

ON

• FortiGate informs FortiClient that it’s “on-net” using DHCP “cookies”

• FortiClient Doesn’t receive “on-net” information and activate “off-net” mode

On/off-net Properties FortiClient adopts separate “on-

net” and “off-net” configurations depending on locations.

“On-net” options include turning off local security features, enables client logging

“Off-net” options include turning on security features and enable VPN automatically.

1

2

* Application control config for Windows and OS X only

V5.2

8

Mobile Security

Endpoint Profile For distributing Endpoint

Configurations Reuse UTM Profiles

» App Control» Web Filter

Provision Multiple VPN settings Multiple Endpoints may be

created and assigned to different Device Groups

End Point Control

V5.2

9

FGT identify device/user upon successful Logon

Mobile Security

Endpoint Control Profiles Assignment Multiple profiles can be assigned to Device Groups/User

groups/Users

2

User logon using Authentication Service (eg.

AD, radius etc)1

Push corresponding EC profile to FortiClient

3

End Point Control

10

Mobile Security End Point Control

Advanced Endpoint Profile Setting1. Setup and configure a sample client2. Export the setting and then import into FortiGate3. Distribute settings to other clients

1

2

3

11

Contattaci Gratuitamente …

Certified experts in Fortimail and email security

Certified experts in Fortiweb and web application firewall protection

Certified experts in FortiAp, FortiWifi and wireless security

CONTACTSTel. +39 049 8843198 DIGIT (5)contacts@lanewan.it

www.lanewan.it

In questi anni di partnership con la casa madre, Lan & Wan Solutions ha ottenuto tutte le specializzazioni previste nei vari iter di certifica-zione, raggiungendo la qualifica di Partner Of Excellence.