FortiClient

What's new in this version:

FortiClient 6.0.0.0067
- Change log not available for this version

FortiClient 5.6.6.1167
- Change log not available for this version

FortiClient 5.6.5.1150
- Change log not available for this version

FortiClient 5.6.4.1131
- Change log not available for this version

FortiClient 5.6.2.1117
- Change log not available for this version

FortiClient 5.6.0.1075
- Updated to add support for FortiSandbox 2.4.0

FortiClient 5.4.3.0870
- Change log not available for this version

FortiClient 5.4.2.0860
- Removed 389753 from Resolved Issues
- Added 389240 and 390356 to Resolved Issues
- Moved 295413 to Known Issues
- Updated description of 390265
- Added the following special notice: SSL VPN cannot connect after upgrade to FortiOS to 5.4.x on page 7

FortiClient 5.4.1.0840
- Change log not available for this version

FortiClient 5.4.0.0780
- FortiClient 5.4.0 has enhanced capabilities for the detection of Advanced Persistent Threats (APT).
- Botnets running on compromised systems usually generate outbound network traffic directed towards Command and Control (C&C) servers of their respective owners. The servers may provide updates for the botnet, or commands on actions to execute locally, or on other accessible, remote systems.
- When the new botnet feature is enabled, FortiClient monitors and compare network traffic with a list of known Command and Control servers. Any such network traffic will be blocked.

FortiSandbox Integration:
- FortiSandbox offers the capabilities to analyse new, previously unknown and undetected virus samples in real- time. Files sent to it are scanned first, using similar Antivirus (AV) engine and signatures as available on the FortiOS and FortiClient. If the file is not detected, but is an executable file, it is run (sandboxed) in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behaviour in the VM.
- FortiClient integration with the FortiSandbox allows users to submit files to the FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they could not be detected by the local real-time scanning. Access to the downloaded file is blocked until scanning result is returned.
- As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time, as well as on-demand, AV scanning.
- This feature requires FortiSandbox running version 2.1 or newer and is only available on FortiClient (Windows).

WEB FILTERING

Enhanced Real-Time Protection Implementation :
- The Real-Time Protection (RTP) or on-access feature in FortiClient uses a tight integration with Microsoft Windows to monitor files locally or over a network file system as they are being downloaded, saved, run, copied, renamed, opened or written to. The FortiClient driver coupling with Windows has been re-written to use modern API's provided by Microsoft. All basic features remain the same, with a few minor differences in behaviour. Some noticeable performance enhancements could be observed in various use case scenarios.

Web Filtering:
- Web Browser Usage and Duration:
- If configured, FortiClient will record detailed information about the user's web browser activities, such as: l Ahistoryofwebsitesvisitedbytheuser(asshowninregularwebbrowserhistory)
- l Anestimateofthedurationorlengthofstayonthewebsite
- These logs are sent to FortiAnalyzer, if configured. With FortiAnalyzer 5.4.0 or newer, the FortiClient logs sent
- from various endpoints may be viewed in FortiView.
- This feature requires FortiAnalyzer 5.4.0 or newer.

VPN

Authorized Machine Detection:
- For enterprises where new computers may be brought into the organisation by employees, FortiClient may be configured to check or identify the computer, before allowing it to establish IPsec VPN or SSL VPN connection to the FortiGate. The administrator may configure restrictions with one or more of the following:
- l Registrycheck:Ensureaspecificregistrypathcontainsapredeterminedvalue. l Filecheck:Verify:theexistenceofaspecificfileataspecifiedlocation.
- l Applicationcheck:Ensurethataspecificapplicationisinstalledandrunning.
- The verification criteria can be configured using advanced FortiClient XML configurations on the FortiGate or the EMS.
- This applies to FortiClient (Windows) only.
- New SSL VPN Windows Driver
- The FortiClient SSL VPN driver, pppop.sys was re-written to use the latest Microsoft Windows recommended CoNDIS WAN driver model. The new driver is selected when FortiClient is installed on Windows 7 or higher. The SSL VPN driver included in the previous versions of FortiClient will still be maintained.
- Endpoint Control What’s New in FortiClient (Windows) 5.4.0

New IPsec VPN Windows Driver:
- FortiClient IPsec VPN drivers have been updated to support Microsoft Windows NDIS 6.3 specification. The new drivers are compatible with Microsoft Windows 8.1 or higher.

Endpoint Control:
- Integration with the New Enterprise Management Server
- The Enterprise Management Server (EMS) is a new product from Fortinet for businesses to use to manage their computer endpoints. It runs on a Windows Server,so it does not require a physical Fortinet device. Administrators may use it to gain insight on the status of their endpoints. The EMS supports devices running Microsoft Windows, Mac OS X, Android and iOS.
- FortiClient Endpoint Control protocol has been updated to seamlessly integrate with the EMS. Various changes were added to support EMS features, such as:
- FortiGate Network Access Control with EMS Integration:
- When creating a FortiClient profile on EMS, the administrator can choose to configure the FortiClient to register to the same EMS or to a FortiGate. Changes in FortiClient 5.4.0 allow it to register to a FortiGate, while simultaneously, notifying the EMS of its registration status. The FortiClient EC registration to the FortiGate is required for Network Access Compliance (NAC). The administrator can configure the FortiGate to allow access to network resources only if the client is compliant with the appropriate interface EC profile.
- This feature requires FortiOS 5.4.0 or newer.
- Quarantine an Infected Endpoint from the FortiGate or EMS
- A computer endpoint that is considered to be infected may be quarantined by the FortiGate or EMS (Enterprise Management Server) administrator. FortiClient needs to be registered and online, using Endpoint Control, to the said FortiGate or EMS.
- Once quarantined, all network traffic to or from the infected endpoint will be blocked locally. This allows time for remediation actions to be taken on the endpoint, such as scan and clean the infected system, revert to a known clean system restore point or re-install the operating system.
- The Administrator may un-quarantine the endpoint in the future from the same FortiGate or EMS.

FortiClient GUI:
- This feature requires either FortiOS 5.4.0 or EMS 1.0.0.
- Importing FortiGate CA Certificate after Endpoint Control Registration
- When the FortiGate is configured to use SSL deep inspection, users visiting encrypted websites will usually receive an invalid certificate warning. The certificate signed by the FortiGate does not have a Certificate Authority (CA) at the endpoint to verify it. Users can manually import the FortiGate CA certificate to stop the error from being displayed. However, all users will have to do the same.
- When registering Endpoint Control (EC) to a FortiGate, the FortiClient will receive the FortiGate's CA certificate and install it into the system store. If Firefox is installed on the endpoint, the FortiGate's CA certificate will also be installed into Firefox certificate store. Thus, the end user will no longer receive the invalid certificate error message when visiting encrypted websites.
- The FortiGate CA certificates will be removed from the system store if FortiClient is uninstalled.

Enhancement to On-net/Off-net Configuration:
- The on-net feature requires the use of a FortiGate as the DHCP server. This is usually configured on the same FortiGate that the FortiClient will be registered. When the device on which FortiClient is running has an IP address from the FortiGate's DHCP server, it is on-net. For any other IP addresses, it is off- net.
- There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided.

FortiClient will be on-net if:
- Otherwise, it is off-net.

FortiClient GUI AntiVirus Settings Page:
- With the introduction of botnet detection and the integration with FortiSandbox, the AV settings page on the FortiClient GUI has been updated to allow configuration of the new features. The AV settings page is accessible from the FortiClient dashboard. Select the AV tab on the left pane. Then click the settings icon on Real-Time Protection in the right pane.

The following may be selected on the AV settings page:
- FortiClient (Windows) 5.4.0:
- The use of FortiSandbox requires that file scanning is enabled.

FortClient Banner Design:
- If FortiClient is running in standalone mode and not registered to a FortiGate or EMS, a single banner at the bottom of the GUI is displayed. This is true for both the FortiClient full version, as well as the VPN only version. When registered to a FortiGate or EMS, the banner is hidden by default. Similarly, when created from a FortiClient Configurator, no banner is displayed by default.

Logging:
- Enhancement to FortiClient Logs
- FortiClient will create a log entry to show just the URL visited by the user through a web browser. This is in addition to the network level logs generated by FortiClient.

FortiClient 5.2.4.0650
- FortiClient 5.2.4 supports Windows 10. If upgrading from Windows 7 or 8.1 to Windows 10, please uninstall any installed FortiClient, reboot the system, and reinstall FortiClient 5.2.4. Please note, in this scenario, using the Repair option in the Programs and Features Control Panel does not reinstall FortiClient properly.
- The OpenSSL library has been updated to the latest version 1.0.2d.
- FortiOS 5.4 offers the FortiGate administrator the ability to quarantine an endpoint. Traffic from a quarantined endpoint will be dropped by the FortiGate until the endpoint has been released from quarantine. If the endpoint is running FortiClient 5.2.4 or newer) and registered to the FortiGate using Endpoint Control, FortiClient will notify the endpoint user that it has been quarantined by the FortiGate administrator. The FortiClient GUI will change to convey the message. The GUI will remain above any other opened window and cannot be closed. Once released from quarantine the FortiClient GUI will revert to normal operations.

FortiClient 5.2.3.0633
- FortiClient may be configured to send log messages to a syslog server. The following XML configuration may be used to enable this feature. Set to faz in order to switch logging to FortiAnalyzer. This is the default. Provide the IP address of the syslog server in
- The OpenSSL library has been updated to the latest version 1.0.1k.

FortiClient 5.0.6.320
- Vulnerability Scanner (Vulnerability Scan) and firewall applications (Application Firewall) with version 5.0.4.276 and above has been removed for unmanaged clients. FortiGate administrators can enable the display of these functions (for FortiClient) for the registered FortiGate users, so that these functions are still available but are no longer free.
- Improved usability of the repackager tool
- Repackaged clients can be upgraded
- Option to drop IPv6 traffic when an IPsec VPN connection is established. IPv4 traffic is sent through the tunnel or otherwise, depending on whether split tunnel is used.