DATA SHEET
FortiClient
Secure remote access with visibility and controls for Zero Trust Network Access (ZTNA)
FortiClient’s Security Fabric Integration provides
endpoint visibility through telemetry and ensures that FortiAnalyzer
Centralized Logging
all fabric components – FortiGate, FortiAnalyzer, and Reporting
EMS, Managed AP, Managed Switches, and Web
FortiSandbox
Sandbox – have a unified view of endpoints in order Or FortiSandbox
Cloud FortiGate
to provide tracking and awareness, compliance Physical or virtual
FortiClient
enforcement, and reporting. Fortinet extends ZTNA Endpoint Protection
control to end-user devices both on- and off-network FortiManager
Centralized Device and
Policy Management
operation through FortiClient. Easy to use Secure
Remote Access and Mobility via SSL and IPsec VPN.
FortiClient connects every endpoint to form a FortiClient
EMS
cohesive security fabric. Endpoint Management
Key Advantages
EMS for Central
Unified endpoint features including compliance, Management
protection, and secure access into a single, modular § Simple & User Friendly UI
lightweight client. § Remote FortiClient Deployment
§ Real-time Dashboard
End-to-end threat visibility and control by natively
§ Software Inventory Management
integrating endpoint into the Security Fabric
§ Active Directory Integration
architecture.
§ Central Quarantine Management
Advanced threat protection against exploits and § Automatic Group Assignment
advanced malware, powered by FortiGuard along with § Dynamic Access Control
§ Automatic Email Alerts
FortiSandbox integration.
§ Supports Custom Groups
Integrated vulnerability shielding and patch § Remote Triggers
management to harden all endpoints.
FortiGuard Security
Services
Simplified management and policy enforcement www.fortiguard.com
with Enterprise Management Server (EMS) and FortiCare Worldwide
24/7 support
FortiGate, respectively. support.fortinet.com
DATA SHEET | FortiClient
FortiClient Benefits
Security Fabric Integration Zero Trust Network Access
FortiClient integrates the endpoints into Fortiner’s Security Fabric Fortinet extends ZTNA control to end-user devices both on- and
for early detection and prevention of advanced threats. This off-network operation through FortiClient. With FortiClient endpoint
integreation delivers native endpoint visibility, compliance control, telemetry and risk assessment, Admin gain the critical endpoint
vulnerability management and automation. With 6.0, FortiOS and visibility and can set conditional-access policies to control access
FortiAnalyzer leverage FortiClient endpoint telemetry intelligence from the endpoints. For example, limit a vulnerable endpoint
to identify Indicator of Compromise (IoC). With the Automation from accessing critical areas of the network or even block VPN
capability, admins can investigate real-time and set policies connection.
to automate responses including quarantining suspicious or
compromised endpoints to contain incidents and stem outbreaks. Secure Remote Access
Fortinet’s endpoint compliance & vulnerability management features To enable secure remote access, FortiClient provides flexible
simplifies the enforcement of enterprise security policies options for VPN connectivity. It supports both secure sockets layer
preventing endpoints from becoming easy attack targets. (SSL) and Internet Protocol security (IPsec) VPNs. A split tunneling
feature enables remote users on SSL VPNs to access the internet
Web Filtering and SAAS Control without their traffic having to pass through the corporate VPN
FortiClient provides off network web filtering, delivering web headend, as in a typical SSL tunnel. This feature reduces latency,
security and content filtering. The web application firewall provides which improves user experience. At the same time, FortiClient
botnet protection and granular application traffic control including includes protections to ensure that internet-based transactions
web-based applications and software as a service (Saas). cannot backflow into the VPN connection and jeopardize the
corporate network.
In addition to simple remote connectivity, FortiClient simplifies
remote user experience with features such as auto-connect and
always-on VPN, as well as Dynamic VPN Gate Selection. Two-
Factor authentication can also be used to provide an additional
layer of security.
Endpoint Hygiene
FortiClient helps organizations reduce attack
surface with vulnerability scanning and optional
auto-patching. Combined with the zero-trust
access principles, this approach can enhance
an organization’s hygiene and security posture.
Malware and Exploit Prevention
By integrating with FortiSandbox Cloud and leveraging FortiGuard
Global Threat Intelligence, FortiClient prevents advanced malware
and vulnerabilities from being exploited.
FortiClient integrates with FortiSandbox Cloud to analyze in
real-time all files downloaded to FortiClient endpoints. Millions of
FortiClient and FortiSandbox users worldwide share information
about known and unknown malware with cloud-based FortiGuard
threat intelligence platform. FortiGuard automatically shares the
intelligence with FortiClient endpoints to protect against emerging
threats.
2
DATA SHEET | FortiClient
Feature Highlights
EMS EMS provides ability to centrally FortiGate FortiGate provides awareness and
manage Windows, Mac, Linux, control over all your endpoints
Chrome, iOS and Android endpoints
Software Inventory Management provides visibility into Telemetry provides real-time endpoint visibility (including
installed software applications and licence management to user avatar) on FortiGate console so administrators can get a
improve security hygiene. You can use inventory information to comprehensive view of the whole network. Telemetry also ensures
detect and remove unnecessary or outdated applications that that all fabric components have a unified view of the endpoints.
might have vulnerabilities to reduce your attack surface.
Dynamic Access Control for Compliance Enforcement
Windows AD Integration helps sync organizations AD structure requires EMS to create virtual groups based on endpoint security
into EMS so same OUs can be used for endpoint management. posture. These virtual groups are then retrieved by FortiGate and
used in firewall policy for dynamic access control. Dynamic groups
Real-time Endpoint Status always provides current information help automate & simplify compliance to security policies.
on endpoint activity & security events.
Endpoint Quarantine helps to quickly disconnect a compromised
Vulnerability Dashboard helps manage organizations endpoint from the network and stop it from infecting other assets.
attack surface. All vulnerable endpoints are easily identified for
administrative action. Automated Response helps detect and isolate suspicious or
compromised endpoints without manual intervention.
Centralized FortiClient Deployment & Provisioning that
allows administrators to remotely deploy endpoint software Application-based Split Tunnel supports source application-
and perform controlled upgrades. Makes deploying FortiClient based split tunnel, where you can specify application traffic to
configuration to thousands of clients an effortless task with a click exclude from the VPN tunnel, such as high bandwidth apps.
of a button.
Sandbox settings are automatically synchronized with EMS Web Filtering with Keyword Search / YouTube Filters blocks
and detailed analysis of FortiClient submitted files for behavior web pages containing words or patterns that you specify as
based detection is accessible in EMS. Administrators can see well as limit users’ access by blocking or only allowing specified
all behavior activity of a file including graphic visualization of full YouTube channels.
process tree.
SECURITY FABRIC AGENT
Provisioning
Centralized Client Provisioning
Client Software Updates
Windows AD Integration
FortiTelemetry Gateway IP List
Software Inventory
Automatic Group Assignment
Compliance Enforcement and Security Fabric Integration
Fortinet Security Fabric Integration
Security Posture Check
Vulnerability Compliance Check
Dynamic Access Control
Authorized Device Detection
Automated Endpoint Quarantine
Remote Control
On-demand Antivirus Scan
On-demand Vulnerability Scan
Host Quarantine
Telemetry and Monitoring
Client Information (client version, OS IP/MAC address, ofile assigned, user avatar)
Client Status
Reporting (to FortiAnalyzer)
PLUS - Add Sandbox Cloud Subscription for Proactive Advanced Threat Detection as well as other upcoming add-ons in the future.
3
DATA SHEET | FortiClient
WINDOWS MAC OS X ANDROID iOS CHROMEBOOK LINUX FORTICLIENT
Security Fabric Components
Operating System Supported:
Endpoint Telemetry1 Microsoft Windows 7 (32-bit and 64-bit
Compliance Enforcement using Dynamic Microsoft Windows 8, 8.1 (32-bit and 64-bit
Access Control1 Microsoft Windows 10 (32-bit and 64-bit
Endpoint Audit and Remediation with FortiClient 6.2.0 does not support Windows XP or
Vulnerability Scanning1 Windows Vista
Windows Server 2008 or newer
Automated Endpoint Quarantine Mac OS X v10.13 , v10.12, v10.11,
Automated
Host Endpoint
Security Quarantine
and VPN Components iOS 5.1 or later (iPhone, iPad, iPod Touch
Android OS 4.4.4 or later (phone and tablet
Antivirus Linux OS, Ubuntu 16.04 and later, Red Hat 7.4 and
Cloud-based Threat Detection later, CentOS 7.4 and later with KDE or GNOME
Anti-Exploit Authentication Options
Sandbox Detection (on-prem) * RADIUS, LDAP, Local Database, xAuth, TACACS+,
Sandbox Cloud Detection Digital Certificate (X509 format), FortiToken
Web Filtering2
Connection Options
Application Firewall1 Auto Connect VPN before Windows logon,
IPsec VPN IKE Mode config for FortiClient VPN IPsec tunnel
SSL VPN3
Note: All specifcations are based on FortiClient 6.2.
Others
Remote Logging and Reporting4
Windows AD SSO Agent FORTICLIENT EMS
USB Device Control
Operating System Supported
PLUS - Add Sandbox Cloud Subscription for Proactive Advanced Threat Detection Microsoft Windows Server 2008 or newer
1
Requires FortiClient to be managed by EMS
Endpoint Requirement
2
Also compatible in Chrome OS
FortiClient version 6.0 or newer, FortiClient for
3
Also compatible in Windows Mobile.
Microsoft Windows and Mac OS X, 6.0 for iOS and
The list above is based on the latest OS for each platform.
Android
4
Requires FortiAnalyzer
* No file submission
System Requirements
2.0 GHz 64-bit processor, dual core (or two virtual
CPUs), 4 GB RAM, 40 GB free hard disk, Gigabit
(10/100/1000BaseT)
Ethernet adapter, Internet access
Order Information
Product SKU Description
FortiClient Security Fabric Agent FC1-15-EMS01-299-02-DD Security Fabric Agent with EPP license subscription for 25 endpoints.
with FortiSandbox Cloud Includes Fabric Agent, Anti-Malware, Remote Access, Web Filter,
Vulnerability Scan, Software Inventory, Application Firewall, SSOMA,
Threat Outbreak Detection, Sandbox Agent with Cloud Sandbox
CERTIFIED
subscription, Central Management and 24x7 Support
FortiClient Security Fabric Agent FC1-15-EMS01-297-02-DD Security Fabric Agent with EPP license subscription for 25 endpoints.
for 25 Clients Includes Fabric Agent, Anti-Malware, Remote Access, Web Filter,
Vulnerability Scan, Software Inventory, Application Firewall, SSOMA,
Threat Outbreak Detection, Sandbox Agent (On-Prem), Central
Management and 24x7 Support
FortiClient Chromebook for 25 FC1-15-EMS01-403-02-DD FortiClient Chromebook license subscription for 25 Chrome OS users.
Clients Includes Web Filter, Central Management and 24x7 Support.
www.fortinet.com
Copyright © 2020 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law
trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results
may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to
the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event,
only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests.
Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version
of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without
notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-FCT FCT-DAT-R22-202012