2024年5月21日发(作者:滕琼岚)
FortiClient
Lock down visibility and control of your software and hardware inventory across the
entire security fabric. Identify vulnerable or compromised hosts and track all details of
systems and user profiles across your attack surface.
FortiClient’s Security Fabric Integration, ensures
that all fabric components – FortiGate, FortiAnalyzer,
EMS, Managed AP, Managed Switches, Sandbox – have
a unified view of endpoints in order to provide tracking
& awareness, compliance enforcement and reporting.
Advanced Threat Protection automates prevention of
known and unknown threats through built-in host-based
security stack and integration with FortiSandbox. Easy to
use Secure Remote Access & Mobility via SSL and
IPsec VPN. FortiClient connects every endpoint to form a
cohesive security fabric.
FortiAnalyzer
Centralized Logging
and Reporting
Web
FortiGate
Physical or virtual
FortiClient
Endpoint Protection
FortiManager
Centralized Device and
Policy Management
Endpoint Management
FortiClient
EMS
Scan ExcludeMove to Delete
Wendy
Group
Wendy
Jeff
EMS for Central
Management
• Simple & User Friendly UI
• Remote FortiClient Deployment
• Realtime Dashboard
• Software Inventory Management
Jeff
Group
Jeff
Andrew
Group
Andrew
David
Andrew
David
Anti-Virus EventsVulnerability EventsWeb Filter EventsSystem Events
• Active Directory Integration
• Central Quarantine Management
• Automatic Group Assignment
• Automatic Email Alerts
• Supports Custom Groups
• Remote Triggers
DATA SHEET
FortiClient: Advanced Endpoint Protection
FortiClient Benefits:
Unified endpoint features including compliance,
protection, and secure access into a single, modular
lightweight client.
End-to-end threat visibility and control by natively inte-
grating endpoint into the Security Fabric architecture.
Advanced threat protection against exploits and
advanced malware, powered by FortiGuard along with
FortiSandbox integration.
Integrated patch management and vulnerability shield-
ing to harden all endpoints.
Simplified management and policy enforcement with
Enterprise Management Server (EMS) and FortiGate,
respectively.
Secure Remote Access & Mobility
FortiClient uses SSL and IPSec VPN to provide secure,
reliable access to corporate networks and applications
from virtually any internet connected remote location.
FortiClient simplifies remote user experience with built-in
auto-connect and always-up VPN features. Two-
Factor authentication can also be used to provide
additional layer of security. Feature like, VPN auto-
connect, Always up, Dynamic VPN Gateway Selection
and split-tunneling ensures smooth user experience on
all device types connecting from home or public places.
Anti-Exploit
This behavioral-based detection
technology protects against zero-
day attacks that target applications
with zero-day or unpatched
vulnerabilities.
Protects against zero-day attacks targeting undiscovered
or unpatched application vulnerabilities
Detects various memory techniques used in an exploit,
such as ROP, HeapSpray, bufferoverflow
File-less Attacks powershell & other scripted attacks
Shields web browsers, Java/Flash plug-ins, Microsoft Of-
fice applications, and PDF Reader
Identifies and Blocks exploit kits, prevents drive-by down-
loads
Signature-less solution
Advanced Threat Protection
As a next-generation endpoint protection solution,
FortiClient helps connect endpoints to FortiSandbox,
which uses behavior-based analysis to automatically
analyze in real-time all files downloaded to FortiClient
endpoints. Millions of FortiClient and FortiSandbox
users worldwide share information about known and
unknown, malware with cloud-based FortiGuard.
FortiGuard automatically shares the intelligence with
other FortiSandbox units and FortiClient endpoints to
prevent attacks from known and unknown malware.
Security Fabric Integration
As a key piece of the Fortinet Security Fabric,
FortiClient integrates the endpoints into the Fabric for
early detection and prevention of advanced threats
and delivers endpoint visibility, compliance control,
vulnerability management and automation. With
6.0, FortiOS & FortiAnalyzer leverages FortiClient
endpoint telemetry intelligence to identify Indicator
of Compromise (IoC). With the Automation capability,
admins can investigate real-time and set policies to
automate responses including quarantining suspicious
or compromised endpoints to contain incidents and
stem outbreaks. Fortinet's endpoint compliance &
vulnerability management features simplifies the
enforcement of enterprise security policies preventing
endpoints from becoming easy attack targets.
2
FortiClient: Advanced Endpoint Protection
Feature Highlights
EMS provides ability to centrally
manage Windows, Mac, Linux,
Chrome, iOS and Android endpoints
Remote FortiClient Deployment
that allows administrators to remotely deploy endpoint software
and perform controlled upgrades.
EMS
FortiGate provides
awareness and control
over all your endpoints
FortiGate
Centralized Client Provisioning
makes depoying FortiClient
configuration to thousands of clients an effortless task with a click of a button.
Telemetry
provides real-time endpoint visibility (including
user avatar) on FortiGate console so administrators can get a
comprehensive view of the whole network. Telemetry also ensures
that all fabric components have a unified view of the endpoints.
Software Inventory Management
provides visibility into installed
software applications and licence management to improve security hygiene. You
can use inventory information to detect and remove unnecessary or outdated
applications that might have vulnerabilities to reduce your attack surface.
Compliance Enforcement
can be used to enforce
organisations security policies. Only authorized and compliant
endpoints with no security risks are granted access.
Windows AD Integration
helps sync organisations AD structure into EMS so
same OUs can be used for endpoint management.
Endpoint Quarantine
helps to quickly disconnect a compromised endpoint
from the network and stop it from infecting other assets.
Realtime Endpoint Status
always provides current information on endpoint
activity & security events.
Vulnerability Dashboard
helps manage organizations attack surface.
All vulnerable endpoints are easily identified for administrative action.
Automated Response
helps detect and isolate suspicious or compromised endpoints
without manual intervention
FortiClient EMS and FortiGate Endpoint Licenses
FORTICLIENT EMS LICENSE
PROVISIONING
Centralized Client Provisioning
Client Software Updates
Windows AD Integration
FortiTelemetry Gateway IP List
Software Inventory
Automatic Group Assignment
COMPLIANCE ENFORCEMENT AND SECURITY FABRIC INTEGRATION
Fortinet Security Fabric Integration
Security Posture Check
Vulnerability Compliance Check
Minimum System Compliance
Authorized Device Detection
Automated Endpoint Quarantine
REMOTE CONTROL
On-demand Antivirus Scan
On-demand Vulnerability Scan
Host Quarantine
TELEMETRY AND MONITORING
Client Information (client version, OS IP/MAC
address, profile assigned, user avatar)
Client Status
Reporting
(To FortiAnalzyer) ( To FortiAnalzyer)
FORTIGATE ENDPOINT TELEMETRY & COMPLIANCE LICENSE
PLUS - THE FORTICLIENT CUSTOM INSTALLER TOOL IS AVAILABLE FOR FREE ON FNDN. REBRANDING TOOL REQUIRES AN FNDN SUBSCRIPTION
3
FortiClient: Advanced Endpoint Protection
WINDOWS
SECURITY FABRIC COMPONENTS
Endpoint Telemetry
1
Compliance Enforcement
1
Endpoint Audit and Remediation
with Vulnerability Scanning
1
Automated Endpoint Quarantine
HOST SECURITY AND VPN COMPONENTS
Antivirus
Anti-Exploit
Sandbox Detection
Web Filtering
2
Application Firewall
1
IPSec VPN
SSL VPN
3
OTHERS
Remote Logging and Reporting
Windows AD SSO Agent
USB Device Control
4
MAC OS XANDROIDiOSChromeBookLinux
Specifications
FORTICLIENT
Operating System Supported:
Microsoft Windows 7 (32-bit and 64-bit
Microsoft Windows 8, 8.1 (32-bit and 64-bit
Microsoft Windows 10 (32-bit and 64-bit
FortiClient 6.0.0 does not support Windows
XP or Windows Vista
Windows Server 2008 or newer
Mac OS X v10.12, v10.11, v10.10, v10.9,
v10.8
iOS 5.1 or later (iPhone, iPad, iPod Touch
Android OS 4.4.4 or later (phone and tablet
Linux OS, Ubuntu 16.04 and later, Red Hat
7.4 and later, CentOS 7.4 and later with KDE
or GNOME
Authentication Options
RADIUS, LDAP, Local Database, xAuth, TACACS+,
Digital Certificate (X509 format), FortiToken
*
Connection Options
Auto Connect VPN before Windows logon,
IKE Mode config for FortiClient VPN IPsec tunnel
Note: All specifcations are based on FortiClient 6.0.
FORTICLIENT EMS
Operating System Supported
Microsoft Windows Server 2008 or newer
Endpoint Requirement
FortiClient version 5.6 or newer, FortiClient for
Microsoft Windows and Mac OS X, 5.4 for
iOS and Android
System Requirements
2.0 GHz 64-bit processor, dual core (or two
virtual CPUs), 4 GB RAM, 40 GB free hard
disk, Gigabit (10/100/1000BaseT)
Ethernet adapter, Internet access
PLUS - ADVANCED THREAT PROTECTION COMPONENTS FOR WINDOWS: File Analysis with FortiSandbox
and Host Quarantine Enforcement
1
Requires FortiClient to be managed by EMS
2
Also compatible in Chrome OS
3
Also compatible in Windows Mobile.
The list above is based on the latest OS for each platform.
4
Requires FortiAnalyzer
1
*
No file submission
Order Information
PRODUCT
Enterprise Management Server Endpoint
License for 100 clients
FortiClient Chromebook Enterprise
Management Server License for 100 users
FortiClient Telemetry License for 100 Clients
SKU
FC1-15-EMS01-158-02-DD
FC1-15-EMS02-158-02-DD
DESCRIPTION
FortiClient Enterprise Management Server License subscription for
100 clients. Includes 24x7 support.
Chromebook Enterprise Management Server License subscription
for 100 ChromeOS users. Includes 24x7 support
Endpoint Telemetry & Compliance License subscription for 100
clients. Includes 24x7 support.
Note1: Compatible with FortiOS 5.6 and above only;
Note2: Refer to the FortiOS admin guide for specific platform
restrictions and maximum license limit.
FC1-10-C1100-151-02-DD
CERTIFIED
FortiGuard Security
Services
FortiCare Worldwide
24/7 support
GLOBAL HEADQUARTERS
Fortinet Inc.
899 Kifer Road
Sunnyvale, CA 94086
United States
Tel: +1.408.235.7700
/sales
EMEA SALES OFFICE
905 rue Albert Einstein
Valbonne 06560
Alpes-Maritimes, France
Tel: +33.4.8987.0500
APAC SALES OFFICE
8 Temasek Boulevard
# 12-01 Suntec Tower Three
Singapore 038988
Tel: +65.6395.2788
LATIN AMERICA SALES OFFICE
Sawgrass Lakes Center
13450 W. Sunrise Blvd., Suite 430
Sunrise, FL 33323
United States
Tel: +1.954.368.9990
Copyright© 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions,
and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other
metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may
affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event,
only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking
statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer,
or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-FCT FCT-DAT-R19-201810
4
2024年5月21日发(作者:滕琼岚)
FortiClient
Lock down visibility and control of your software and hardware inventory across the
entire security fabric. Identify vulnerable or compromised hosts and track all details of
systems and user profiles across your attack surface.
FortiClient’s Security Fabric Integration, ensures
that all fabric components – FortiGate, FortiAnalyzer,
EMS, Managed AP, Managed Switches, Sandbox – have
a unified view of endpoints in order to provide tracking
& awareness, compliance enforcement and reporting.
Advanced Threat Protection automates prevention of
known and unknown threats through built-in host-based
security stack and integration with FortiSandbox. Easy to
use Secure Remote Access & Mobility via SSL and
IPsec VPN. FortiClient connects every endpoint to form a
cohesive security fabric.
FortiAnalyzer
Centralized Logging
and Reporting
Web
FortiGate
Physical or virtual
FortiClient
Endpoint Protection
FortiManager
Centralized Device and
Policy Management
Endpoint Management
FortiClient
EMS
Scan ExcludeMove to Delete
Wendy
Group
Wendy
Jeff
EMS for Central
Management
• Simple & User Friendly UI
• Remote FortiClient Deployment
• Realtime Dashboard
• Software Inventory Management
Jeff
Group
Jeff
Andrew
Group
Andrew
David
Andrew
David
Anti-Virus EventsVulnerability EventsWeb Filter EventsSystem Events
• Active Directory Integration
• Central Quarantine Management
• Automatic Group Assignment
• Automatic Email Alerts
• Supports Custom Groups
• Remote Triggers
DATA SHEET
FortiClient: Advanced Endpoint Protection
FortiClient Benefits:
Unified endpoint features including compliance,
protection, and secure access into a single, modular
lightweight client.
End-to-end threat visibility and control by natively inte-
grating endpoint into the Security Fabric architecture.
Advanced threat protection against exploits and
advanced malware, powered by FortiGuard along with
FortiSandbox integration.
Integrated patch management and vulnerability shield-
ing to harden all endpoints.
Simplified management and policy enforcement with
Enterprise Management Server (EMS) and FortiGate,
respectively.
Secure Remote Access & Mobility
FortiClient uses SSL and IPSec VPN to provide secure,
reliable access to corporate networks and applications
from virtually any internet connected remote location.
FortiClient simplifies remote user experience with built-in
auto-connect and always-up VPN features. Two-
Factor authentication can also be used to provide
additional layer of security. Feature like, VPN auto-
connect, Always up, Dynamic VPN Gateway Selection
and split-tunneling ensures smooth user experience on
all device types connecting from home or public places.
Anti-Exploit
This behavioral-based detection
technology protects against zero-
day attacks that target applications
with zero-day or unpatched
vulnerabilities.
Protects against zero-day attacks targeting undiscovered
or unpatched application vulnerabilities
Detects various memory techniques used in an exploit,
such as ROP, HeapSpray, bufferoverflow
File-less Attacks powershell & other scripted attacks
Shields web browsers, Java/Flash plug-ins, Microsoft Of-
fice applications, and PDF Reader
Identifies and Blocks exploit kits, prevents drive-by down-
loads
Signature-less solution
Advanced Threat Protection
As a next-generation endpoint protection solution,
FortiClient helps connect endpoints to FortiSandbox,
which uses behavior-based analysis to automatically
analyze in real-time all files downloaded to FortiClient
endpoints. Millions of FortiClient and FortiSandbox
users worldwide share information about known and
unknown, malware with cloud-based FortiGuard.
FortiGuard automatically shares the intelligence with
other FortiSandbox units and FortiClient endpoints to
prevent attacks from known and unknown malware.
Security Fabric Integration
As a key piece of the Fortinet Security Fabric,
FortiClient integrates the endpoints into the Fabric for
early detection and prevention of advanced threats
and delivers endpoint visibility, compliance control,
vulnerability management and automation. With
6.0, FortiOS & FortiAnalyzer leverages FortiClient
endpoint telemetry intelligence to identify Indicator
of Compromise (IoC). With the Automation capability,
admins can investigate real-time and set policies to
automate responses including quarantining suspicious
or compromised endpoints to contain incidents and
stem outbreaks. Fortinet's endpoint compliance &
vulnerability management features simplifies the
enforcement of enterprise security policies preventing
endpoints from becoming easy attack targets.
2
FortiClient: Advanced Endpoint Protection
Feature Highlights
EMS provides ability to centrally
manage Windows, Mac, Linux,
Chrome, iOS and Android endpoints
Remote FortiClient Deployment
that allows administrators to remotely deploy endpoint software
and perform controlled upgrades.
EMS
FortiGate provides
awareness and control
over all your endpoints
FortiGate
Centralized Client Provisioning
makes depoying FortiClient
configuration to thousands of clients an effortless task with a click of a button.
Telemetry
provides real-time endpoint visibility (including
user avatar) on FortiGate console so administrators can get a
comprehensive view of the whole network. Telemetry also ensures
that all fabric components have a unified view of the endpoints.
Software Inventory Management
provides visibility into installed
software applications and licence management to improve security hygiene. You
can use inventory information to detect and remove unnecessary or outdated
applications that might have vulnerabilities to reduce your attack surface.
Compliance Enforcement
can be used to enforce
organisations security policies. Only authorized and compliant
endpoints with no security risks are granted access.
Windows AD Integration
helps sync organisations AD structure into EMS so
same OUs can be used for endpoint management.
Endpoint Quarantine
helps to quickly disconnect a compromised endpoint
from the network and stop it from infecting other assets.
Realtime Endpoint Status
always provides current information on endpoint
activity & security events.
Vulnerability Dashboard
helps manage organizations attack surface.
All vulnerable endpoints are easily identified for administrative action.
Automated Response
helps detect and isolate suspicious or compromised endpoints
without manual intervention
FortiClient EMS and FortiGate Endpoint Licenses
FORTICLIENT EMS LICENSE
PROVISIONING
Centralized Client Provisioning
Client Software Updates
Windows AD Integration
FortiTelemetry Gateway IP List
Software Inventory
Automatic Group Assignment
COMPLIANCE ENFORCEMENT AND SECURITY FABRIC INTEGRATION
Fortinet Security Fabric Integration
Security Posture Check
Vulnerability Compliance Check
Minimum System Compliance
Authorized Device Detection
Automated Endpoint Quarantine
REMOTE CONTROL
On-demand Antivirus Scan
On-demand Vulnerability Scan
Host Quarantine
TELEMETRY AND MONITORING
Client Information (client version, OS IP/MAC
address, profile assigned, user avatar)
Client Status
Reporting
(To FortiAnalzyer) ( To FortiAnalzyer)
FORTIGATE ENDPOINT TELEMETRY & COMPLIANCE LICENSE
PLUS - THE FORTICLIENT CUSTOM INSTALLER TOOL IS AVAILABLE FOR FREE ON FNDN. REBRANDING TOOL REQUIRES AN FNDN SUBSCRIPTION
3
FortiClient: Advanced Endpoint Protection
WINDOWS
SECURITY FABRIC COMPONENTS
Endpoint Telemetry
1
Compliance Enforcement
1
Endpoint Audit and Remediation
with Vulnerability Scanning
1
Automated Endpoint Quarantine
HOST SECURITY AND VPN COMPONENTS
Antivirus
Anti-Exploit
Sandbox Detection
Web Filtering
2
Application Firewall
1
IPSec VPN
SSL VPN
3
OTHERS
Remote Logging and Reporting
Windows AD SSO Agent
USB Device Control
4
MAC OS XANDROIDiOSChromeBookLinux
Specifications
FORTICLIENT
Operating System Supported:
Microsoft Windows 7 (32-bit and 64-bit
Microsoft Windows 8, 8.1 (32-bit and 64-bit
Microsoft Windows 10 (32-bit and 64-bit
FortiClient 6.0.0 does not support Windows
XP or Windows Vista
Windows Server 2008 or newer
Mac OS X v10.12, v10.11, v10.10, v10.9,
v10.8
iOS 5.1 or later (iPhone, iPad, iPod Touch
Android OS 4.4.4 or later (phone and tablet
Linux OS, Ubuntu 16.04 and later, Red Hat
7.4 and later, CentOS 7.4 and later with KDE
or GNOME
Authentication Options
RADIUS, LDAP, Local Database, xAuth, TACACS+,
Digital Certificate (X509 format), FortiToken
*
Connection Options
Auto Connect VPN before Windows logon,
IKE Mode config for FortiClient VPN IPsec tunnel
Note: All specifcations are based on FortiClient 6.0.
FORTICLIENT EMS
Operating System Supported
Microsoft Windows Server 2008 or newer
Endpoint Requirement
FortiClient version 5.6 or newer, FortiClient for
Microsoft Windows and Mac OS X, 5.4 for
iOS and Android
System Requirements
2.0 GHz 64-bit processor, dual core (or two
virtual CPUs), 4 GB RAM, 40 GB free hard
disk, Gigabit (10/100/1000BaseT)
Ethernet adapter, Internet access
PLUS - ADVANCED THREAT PROTECTION COMPONENTS FOR WINDOWS: File Analysis with FortiSandbox
and Host Quarantine Enforcement
1
Requires FortiClient to be managed by EMS
2
Also compatible in Chrome OS
3
Also compatible in Windows Mobile.
The list above is based on the latest OS for each platform.
4
Requires FortiAnalyzer
1
*
No file submission
Order Information
PRODUCT
Enterprise Management Server Endpoint
License for 100 clients
FortiClient Chromebook Enterprise
Management Server License for 100 users
FortiClient Telemetry License for 100 Clients
SKU
FC1-15-EMS01-158-02-DD
FC1-15-EMS02-158-02-DD
DESCRIPTION
FortiClient Enterprise Management Server License subscription for
100 clients. Includes 24x7 support.
Chromebook Enterprise Management Server License subscription
for 100 ChromeOS users. Includes 24x7 support
Endpoint Telemetry & Compliance License subscription for 100
clients. Includes 24x7 support.
Note1: Compatible with FortiOS 5.6 and above only;
Note2: Refer to the FortiOS admin guide for specific platform
restrictions and maximum license limit.
FC1-10-C1100-151-02-DD
CERTIFIED
FortiGuard Security
Services
FortiCare Worldwide
24/7 support
GLOBAL HEADQUARTERS
Fortinet Inc.
899 Kifer Road
Sunnyvale, CA 94086
United States
Tel: +1.408.235.7700
/sales
EMEA SALES OFFICE
905 rue Albert Einstein
Valbonne 06560
Alpes-Maritimes, France
Tel: +33.4.8987.0500
APAC SALES OFFICE
8 Temasek Boulevard
# 12-01 Suntec Tower Three
Singapore 038988
Tel: +65.6395.2788
LATIN AMERICA SALES OFFICE
Sawgrass Lakes Center
13450 W. Sunrise Blvd., Suite 430
Sunrise, FL 33323
United States
Tel: +1.954.368.9990
Copyright© 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions,
and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other
metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may
affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event,
only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking
statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer,
or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-FCT FCT-DAT-R19-201810
4