What's new in this version: FortiClient 6.2.0 Expanding Fabric family: - Dynamic endpoint grouping/tagging and EMS connector (endpoint compliance) - Software Inventory logging to FortiAnalyzer - Remote logging support for FortiClient (Linux) - Automated syncing of the FortiGate Web Filter profile
FortiClient 6.0.5.0209 - Change log not available for this version
FortiClient 6.0.4.0182 - Change log not available for this version
FortiClient 6.0.3.0155
Split DNS support for SSL VPN: - FortiClient (Windows) now supports split DNS tunneling for SSL VPN
Basic USB device control: - You can use the USB device control feature to restrict access to USB ports on endpoints
Malware Protection: The following issues have been fixed in version 6.0.3: - FortiClient (Windows) AV causes compilation error - Black screen for a few minutes after login/logoff - FortiClient (Windows) dashboard shows Sandbox as unauthorized even when the Test button shows it as valid - FortiClient (Windows) reports signature to be out-of-date if it is updated to the signature more than X days ago, regardless of version - AV RTP does not register to the Security Center in Windows 10 RS5 - Skype-received files do not trigger Sandbox scan - Able to delete/restore quarantine file via virus alert popup when managed via EMS - FortiClient (Windows) failed to block USB access for the first insertion when using the system - Built-in policy to block USB access
Web Filter: - Safe Search does not work - FortiClient (Windows) Web Filter enable/disable setting change failed to apply
Application Firewall: - Application Firewall cannot be set to invisible
Remote Access: - SSL VPN with certificate authorization does not work from tray, but works from console - IPsec resiliency error message "failed to launch IPsec service" - Unable to select certificate for SSL VPN - Connecting to FortiGate clears authorized machine configuration (NAC node) - Current personal VPN vibrates back to others in dual registration mode - FortiClient (Windows) console on Windows 7 PCs inaccessible in Windows system tray - SSL VPN failure - Phase 1/phase 2 IKE proposal not populated for IPv6 tunnel - With IPv6 as remote gateway, custom port changes to the default after editing/saving - Failed to remove split tunnel - Save password, Auto-connect, and Always up do not display when VPN is down - 6.0.2 RC1 fails to connect to VPN from task tray with user certificate authentication (no username or password) - If FortiClient (Windows) 5.6.x is installed on a different drive (E:), manual upgrade to 6.0.x completes, but FortiClient (Windows) does not work after reboot - If Prompt on connect is selected, certificate filter does not work properly - Right-click is not working for username and password VPN fields - RSA new PIN mode does not work for IPsec v4/v6 tunnel - FortiClient (Windows) failed to switch auto-connect tunnels when FortiClient (Windows) is registered to FortiGate - FortiClient (Windows) VPN dashboard shows empty VPN tunnel after connecting from FortiTray - FortiClient (Windows) failed to show IP address for IPsec VPN - FortiClient (Windows) not displaying actual username used for SSL VPN tunnel - FortiClient (Windows) should report that VPN connection failed after two wrong passwords - Connected SSL VPN failed to display tunnel info when password contained special characters - FortiClient (Windows) IPsec VPN accepts invalid server certificate with IKEv2 - Backing up and restoring FortiClient (Windows) causes loss of IPsec VPN pre-shared key - Should not display certificate dropdown for tunnel without certificate configured
FortiClient (Windows) malware GUI says malware is quarantined when it is not - Default tab not working - Vulnerability schedule scan weekly is undefined in GUI
Install and upgrade: - GUI is blank - Remote Access (IPsec) loses saved username/password when upgrading to 6.0.0 - Update Diagnostic Tool's collected information - Unable to upgrade FortiClient (Windows) 6.0.1 to 6.0.2 from EMS with password lock enabled - Fortitray.exe running PowerShell error prompt - Unable to open FortiClient (Windows) GUI in Windows 10 Education
Install and uninstall: - FortiClient (Windows) has many leftover files after uninstallation
Other: - Remembered FortiGate list needs to refresh after clicking Forget - MSFT_HW_API does not survive ephemeral Microsoft service outages
FortiClient 6.0.0.0067 - Change log not available for this version
FortiClient 5.6.6.1167 - Change log not available for this version
FortiClient 5.6.5.1150 - Change log not available for this version
FortiClient 5.6.4.1131 - Change log not available for this version
FortiClient 5.6.2.1117 - Change log not available for this version
FortiClient 5.6.0.1075 - Updated to add support for FortiSandbox 2.4.0
FortiClient 5.4.3.0870 - Change log not available for this version
FortiClient 5.4.2.0860 - Removed 389753 from Resolved Issues - Added 389240 and 390356 to Resolved Issues - Moved 295413 to Known Issues - Updated description of 390265 - Added the following special notice: SSL VPN cannot connect after upgrade to FortiOS to 5.4.x
FortiClient 5.4.1.0840 - Change log not available for this version
FortiClient 5.4.0.0780
- FortiClient 5.4.0 has enhanced capabilities for the detection of Advanced Persistent Threats (APT). - Botnets running on compromised systems usually generate outbound network traffic directed towards Command and Control (C&C) servers of their respective owners. The servers may provide updates for the botnet, or commands on actions to execute locally, or on other accessible, remote systems. - When the new botnet feature is enabled, FortiClient monitors and compares network traffic with a list of known Command and Control servers. Any such network traffic will be blocked.
FortiSandbox Integration: - FortiSandbox offers the capabilities to analyse new, previously unknown and undetected virus samples in real-time. Files sent to it are scanned first, using similar Antivirus (AV) engine and signatures as available on the FortiOS and FortiClient. If the file is not detected, but is an executable file, it is run (sandboxed) in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behaviour in the VM. - FortiClient integration with the FortiSandbox allows users to submit files to the FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they could not be detected by the local real-time scanning. Access to the downloaded file is blocked until scanning result is returned. - As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time, as well as on-demand, AV scanning. - This feature requires FortiSandbox running version 2.1 or newer and is only available on FortiClient (Windows).
Enhanced Real-Time Protection Implementation: - The Real-Time Protection (RTP) or on-access feature in FortiClient uses a tight integration with Microsoft Windows to monitor files locally or over a network file system as they are being downloaded, saved, run, copied, renamed, opened or written to. The FortiClient driver coupling with Windows has been re-written to use modern APIs provided by Microsoft. All basic features remain the same, with a few minor differences in behaviour. Some noticeable performance enhancements could be observed in various use case scenarios.
Web Filtering: - Web Browser Usage and Duration: - If configured, FortiClient will record detailed information about the user's web browser activities, such as: - A history of websites visited by the user (as shown in regular web browser history) - An estimate of the duration or length of stay on the website - These logs are sent to FortiAnalyzer, if configured. With FortiAnalyzer 5.4.0 or newer, the FortiClient logs sent from various endpoints may be viewed in FortiView. - This feature requires FortiAnalyzer 5.4.0 or newer.
VPN
Authorized Machine Detection: - For enterprises where new computers may be brought into the organisation by employees, FortiClient may be configured to check or identify the computer, before allowing it to establish IPsec VPN or SSL VPN connection to the FortiGate. The administrator may configure restrictions with one or more of the following: - Registry check: Ensure a specific registry path contains a predetermined value. - File check: Verify the existence of a specific file at a specified location. - Application check: Ensure that a specific application is installed and running. - The verification criteria can be configured using advanced FortiClient XML configurations on the FortiGate or the EMS. - This applies to FortiClient (Windows) only. - New SSL VPN Windows Driver - The FortiClient SSL VPN driver, pppop.sys was re-written to use the latest Microsoft Windows recommended CoNDIS WAN driver model. The new driver is selected when FortiClient is installed on Windows 7 or higher. The SSL VPN driver included in the previous versions of FortiClient will still be maintained.
New IPsec VPN Windows Driver: - FortiClient IPsec VPN drivers have been updated to support Microsoft Windows NDIS 6.3 specification. The new drivers are compatible with Microsoft Windows 8.1 or higher.
Endpoint Control: - Integration with the New Enterprise Management Server - The Enterprise Management Server (EMS) is a new product from Fortinet for businesses to use to manage their computer endpoints. It runs on a Windows Server, so it does not require a physical Fortinet device. Administrators may use it to gain insight on the status of their endpoints. The EMS supports devices running Microsoft Windows, Mac OS X, Android and iOS. - FortiClient Endpoint Control protocol has been updated to seamlessly integrate with the EMS. Various changes were added to support EMS features, such as: - FortiGate Network Access Control with EMS Integration: - When creating a FortiClient profile on EMS, the administrator can choose to configure the FortiClient to register to the same EMS or to a FortiGate. Changes in FortiClient 5.4.0 allow it to register to a FortiGate, while simultaneously, notifying the EMS of its registration status. The FortiClient EC registration to the FortiGate is required for Network Access Compliance (NAC). The administrator can configure the FortiGate to allow access to network resources only if the client is compliant with the appropriate interface EC profile. - This feature requires FortiOS 5.4.0 or newer. - Quarantine an Infected Endpoint from the FortiGate or EMS - A computer endpoint that is considered to be infected may be quarantined by the FortiGate or EMS (Enterprise Management Server) administrator. FortiClient needs to be registered and online, using Endpoint Control, to the said FortiGate or EMS. - Once quarantined, all network traffic to or from the infected endpoint will be blocked locally. This allows time for remediation actions to be taken on the endpoint, such as scan and clean the infected system, revert to a known clean system restore point or re-install the operating system. - The Administrator may un-quarantine the endpoint in the future from the same FortiGate or EMS.
FortiClient GUI: - This feature requires either FortiOS 5.4.0 or EMS 1.0.0. - Importing FortiGate CA Certificate after Endpoint Control Registration - When the FortiGate is configured to use SSL deep inspection, users visiting encrypted websites will usually receive an invalid certificate warning. The certificate signed by the FortiGate does not have a Certificate Authority (CA) at the endpoint to verify it. Users can manually import the FortiGate CA certificate to stop the error from being displayed. However, all users will have to do the same. - When registering Endpoint Control (EC) to a FortiGate, the FortiClient will receive the FortiGate's CA certificate and install it into the system store. If Firefox is installed on the endpoint, the FortiGate's CA certificate will also be installed into Firefox certificate store. Thus, the end user will no longer receive the invalid certificate error message when visiting encrypted websites. - The FortiGate CA certificates will be removed from the system store if FortiClient is uninstalled.
Enhancement to On-net/Off-net Configuration: - The on-net feature requires the use of a FortiGate as the DHCP server. This is usually configured on the same FortiGate that the FortiClient will be registered to. When the device on which FortiClient is running has an IP address from the FortiGate's DHCP server, it is on-net. For any other IP addresses, it is off-net. - There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided.
FortiClient will be on-net if: - Otherwise, it is off-net.
FortiClient GUI AntiVirus Settings Page: - With the introduction of botnet detection and the integration with FortiSandbox, the AV settings page on the FortiClient GUI has been updated to allow configuration of the new features. The AV settings page is accessible from the FortiClient dashboard. Select the AV tab on the left pane. Then click the settings icon on Real-Time Protection in the right pane.
The following may be selected on the AV settings page: - FortiClient (Windows) 5.4.0: - The use of FortiSandbox requires that file scanning is enabled.
FortiClient Banner Design: - If FortiClient is running in standalone mode and not registered to a FortiGate or EMS, a single banner at the bottom of the GUI is displayed. This is true for both the FortiClient full version, as well as the VPN only version. When registered to a FortiGate or EMS, the banner is hidden by default. Similarly, when created from a FortiClient Configurator, no banner is displayed by default.
Logging: - Enhancement to FortiClient Logs - FortiClient will create a log entry to show just the URL visited by the user through a web browser. This is in addition to the network level logs generated by FortiClient.
FortiClient 5.2.4.0650 - FortiClient 5.2.4 supports Windows 10. If upgrading from Windows 7 or 8.1 to Windows 10, please uninstall any installed FortiClient, reboot the system, and reinstall FortiClient 5.2.4. Please note, in this scenario, using the Repair option in the Programs and Features Control Panel does not reinstall FortiClient properly. - The OpenSSL library has been updated to the latest version 1.0.2d. - FortiOS 5.4 offers the FortiGate administrator the ability to quarantine an endpoint. Traffic from a quarantined endpoint will be dropped by the FortiGate until the endpoint has been released from quarantine. If the endpoint is running FortiClient 5.2.4 or newer and is registered to the FortiGate using Endpoint Control, FortiClient will notify the endpoint user that it has been quarantined by the FortiGate administrator. The FortiClient GUI will change to convey the message. The GUI will remain above any other opened window and cannot be closed. Once released from quarantine, the FortiClient GUI will revert to normal operations.
FortiClient 5.2.3.0633 - FortiClient may be configured to send log messages to a syslog server. The following XML configuration may be used to enable this feature. Set to faz in order to switch logging to FortiAnalyzer. This is the default. Provide the IP address of the syslog server in - The OpenSSL library has been updated to the latest version 1.0.1k.
FortiClient 5.0.6.320 - Vulnerability Scanner (Vulnerability Scan) and firewall applications (Application Firewall) with version 5.0.4.276 and above have been removed for unmanaged clients. FortiGate administrators can enable the display of these functions (for FortiClient) for the registered FortiGate users, so that these functions are still available but are no longer free. - Improved usability of the repackager tool - Repackaged clients can be upgraded - Option to drop IPv6 traffic when an IPsec VPN connection is established. IPv4 traffic is sent through the tunnel or otherwise, depending on whether split tunnel is used.