Forticlient Admin 50 Ga
Forticlient Admin 50 Ga
Forticlient Admin 50 Ga
0
Administration Guide
Technical Documentation
docs.fortinet.com
Knowledge Base
kb.fortinet.com
support.fortinet.com
Training Services
training.fortinet.com
FortiGuard
fortiguard.com
Document Feedback
techdocs@fortinet.com
Table of Contents
Change Log....................................................................................................... 6
Introduction....................................................................................................... 7
Licensing.................................................................................................................. 7
Client limits......................................................................................................... 7
Supported operating systems ................................................................................. 8
Windows ............................................................................................................ 8
Mac OS X ........................................................................................................... 8
Minimum system requirements................................................................................ 8
Windows ............................................................................................................ 8
Mac OS X ........................................................................................................... 8
Language support.................................................................................................... 9
Windows ............................................................................................................ 9
Mac OS X ........................................................................................................... 9
Central Management...................................................................................... 21
Introduction............................................................................................................ 21
Configure Endpoint Management..........................................................................
Step 1: Enable Device Management and Broadcast Discovery Messages.....
Step 2: Configure the Client Endpoint Profile ..................................................
Step 3: Configure Firewall Policies ..................................................................
Step 1: Download and install FortiClient..........................................................
Step 2: FortiClient registration .........................................................................
Step 3: FortiGate deploys the Endpoint Profile ...............................................
Deploy the Endpoint Profile to clients over VPN .............................................
21
21
22
23
26
27
30
31
Page 3
AntiVirus .......................................................................................................... 34
FortiClient AntiVirus ...............................................................................................
Enable/Disable AntiVirus..................................................................................
Notifications .....................................................................................................
Scan Now.........................................................................................................
Update Now .....................................................................................................
Schedule AntiVirus scanning ...........................................................................
View quarantined threats .................................................................................
Add files/folders to an exclusion list ................................................................
AntiVirus warning .............................................................................................
34
34
34
35
36
37
38
39
40
43
43
44
44
Application Firewall........................................................................................ 45
FortiClient Application Firewall ..............................................................................
Enable/Disable Application Firewall.................................................................
View Applications Blocked ..............................................................................
Application Firewall Rules ................................................................................
Application Firewall logging .............................................................................
45
45
45
46
47
48
48
49
50
51
53
53
53
54
54
54
Page 4
55
55
55
56
58
58
58
59
60
Settings ........................................................................................................... 61
Backup or restore full configuration ...................................................................... 61
Logging .................................................................................................................. 62
Updates ................................................................................................................. 62
VPN options ........................................................................................................... 63
Certificate Management ........................................................................................ 63
AntiVirus options.................................................................................................... 63
Advanced options .................................................................................................. 64
Single Sign-On Mobility Agent............................................................................... 64
FortiClient/FortiAuthenticator Protocol ............................................................ 64
67
68
69
89
Page 5
Change Log
Date
Change Description
2012-11-02
Initial release.
2012-11-07
Updated scripts chapters. This document is now inclusive of both Windows and Mac OS X. It is
important to note that not all features available for Windows are available for Mac OS X.
2012-11-15
2012-11-22
2012-11-27
Updated script commands to match changes in the FortiClient v5.0.0 XML Reference.
Page 6
Introduction
FortiClient has been completely re-designed for v5.0.0 GA. FortiClient provides a
comprehensive network security solution for endpoints while improving your visibility and
control. FortiClient allows you to manage the security of multiple endpoint devices from the
FortiGate interface. This document provides an overview of FortiClient v5.0.0.
This document was written for FortiClient v5.0.0 GA for Windows. Not all features described in
this document are supported for FortiClient v5.0.0 GA for Mac OS X.
Licensing
Licensing on the FortiGate is based on the number of registered clients. FortiGate 40C and
higher models support ten (10) free managed FortiClient licenses. For additional managed
clients, an upgraded license must be purchased. The maximum number of managed clients
varies per device model.
Client limits
FortiGate Model
10
N/A
10
10
In high availability (HA) configurations, all cluster members require an upgrade license key.
Page 7
Mac OS X
OS X Mountain Lion (v10.8)
Mac OS X Lion (v10.7)
Mac OS X Snow Leopard (v10.6)
Mac OS X
Intel processor
256MB of RAM
20MB of hard disk drive (HDD) space
TCP/IP communication protocol
Ethernet NIC for network connections
Wireless adapter for wireless network connections
Page 8
Language support
Windows
FortiClient v5.0.0 is localized for the following languages:
Graphical User Interface
Documentation
English
German
Portuguese (Brazil)
Spanish (Spain)
Korean
Japanese
Documentation
English
German
Japanese
Chinese
Mac OS X
FortiClient v5.0.0 is localized for the following languages:
Please review the FortiClient v5.0.0 (Windows) Release Notes/FortiClient v5.0.0 (Mac OS X)
Release Notes prior to upgrading. Release Notes are available at the Customer Service &
Support site.
Page 9
This document was written for FortiClient v5.0.0 GA for Windows. Not all features described in
this document are supported for FortiClient v5.0.0 GA for Mac OS X.
Page 10
Installing FortiClient
Installing FortiClient on a Windows computer
The following instructions will guide you though the installation of FortiClient on a Windows
computer.
To install FortiClient
1. Double-click the FortiClient executable file to launch the setup wizard. The Setup Wizard will
install FortiClient on your computer.
Figure 1: Welcome screen
2. Read the license agreement and select Next to continue. You have the option to print the
EULA on this screen.
Figure 2: End-User License Agreement
Page 11
3. Select Change to choose an alternate folder destination for installation. Select Next to
continue.
Figure 3: Destination folder selection
Page 12
6. On a new FortiClient installation, you do not need to reboot your system. When upgrading
the FortiClient version, you must restart your system for the configuration changes made to
FortiClient to take effect. Select Yes to restart your system now, or select No to manually
restart later.
Figure 6: Restart your system to complete the installation
Page 13
2. Read the Software License Agreement and select Continue. You have the option to print, or
save the Software Agreement on this screen. You will be prompted to Agree with the terms
of the license agreement.
Figure 9: Software License Agreement
Page 14
4. Select Install to perform a standard installation on this computer. You can change the install
location from this screen.
Figure 11:Installation Type screen
5. Depending on your system, you may be prompted to enter your system password.
Figure 12:Enter system password to continue
Page 15
8. Double-click the FortiClient icon to launch the application. The application dashboard loads
to your desktop. Select the lock icon on the bottom left of the dashboard to make changes
to the FortiClient configuration.
Figure 15:Default FortiClient dashboard is locked
Page 16
Provisioning FortiClient
FortiClient MSI configuration tool
The FortiClient Configurator tool is the recommended method of creating a customized
installation of FortiClient.
This document was written for FortiClient v5.0.0 GA for Windows. Not all features described in
this document are supported for FortiClient v5.0.0 GA for Mac OS X.
Usage
FortiClientConfigurator.exe -m <path to FortiClient.msi file> [optional
switches]
Example usage
FortiClientConfigurator.exe -m c:\downloads\forticlient.msi
--REGISTRATIONKEY sercretpassword
This command above creates the following directories containing files ready for deployment:
c:\downloads\FortiClient_packaged\ActiveDirectory\
c:\downloads\FortiClient_packaged\ManualDistribution\
Page 17
2. In the folder where you expanded the installer .zip package, execute the following command
line entry:
FortiClientConfigurator.exe -m <path to FortiClient.msi file>
<optional switches.
A new subdirectory is created, which contains the FortiClient MSI file.
The following instructions are based from Microsoft Windows Server 2008. If you are using a
different version of Microsoft Server, your snap-in locations may be different.
Page 18
2. Select Computer Configuration > Policy > Software Settings > Software Installation. You will
now be able to see the package that was used to install FortiClient.
3. Right-click the package, select All Tasks > Remove. Choose Immediately uninstall the
software from users and computers, or Allow users to continue to use the software but
prevent new installations. Select OK. The package will delete.
4. If you wish to expedite the uninstallation process, on both the server and client computers,
force a GPO update as shown in the previous section. The software will be uninstalled on the
client computers next reboot. You can also wait for the client computer to poll the domain
controller for GPO changes and uninstall the software then.
These instructions assume you have already installed and configured SCCM. If you have not,
please refer to Microsofts online help sources for information on this task.
Page 19
4. Set your Environment variables - it is recommended to select that the program can run
Whether or not a user is logged on.
5. You can leave the Advanced and Windows Installer tabs as default.
6. If you require a notification sent to Microsoft Operations Manager (MOM), select the
appropriate options under the MOM Maintenance tab.
7. As with the previous step, review your Summary and then create your program.
Step 3: Advertising Your Package to Client PCs
1. Startup your Configuration Manager Console GUI and expand the following:
Computer Management > Software Distribution > Advertisements.
Right-click Advertisements and select New > Advertisement from the contextual menu.
2. When prompted about no distribution points, select Yes. We will update the distribution
point later in the process.
3. Under the Schedule tab, set the date you wish the advertisement to commence (and expire,
if you desire). Set your priority level (recommended setting is High). Select on the yellow
star to set the mandatory settings.
4. Under the Distribution Points tab, select Download content from distribution point and run
locally for both settings.
5. Under the Interaction tab, you can use this to warn logged in users that the program is going
to run, and provide a countdown timer until execution.
6. Under the Security tab, set the rights for the package class and instance rights.
7. Review your package choices under the Summary tab, then select Next. The Wizard will
complete.
Step 4: Create and Update Your Distribution Point
1. Startup your Configuration Manager Console GUI and expand the following:
Computer Management > Software Distribution > Packages.
Expand the package you created, and right-click Distribution Points.
Right-click Distribution Points and select New Distribution Points from the contextual
menu. A Wizard will open.
2. Select your SCCM server from the list of available servers and select Next. You will then see
a summary and the Wizard will complete.
3. You will now need to update the distribution point that was just created with the
advertisement package. Right-click Distribution Points and now select Update Distribution
Points from the contextual menu. A pop-up window will appear. Confirm the update by
selecting Yes.
Using Microsoft SCCM 2007 to Remove FortiClient:
1. Open the Configuration Manager Console:
System Center Configuration Manager > Site Database > Computer Management >
Software Distribution > Package > Advertisement.
2. Select the FortiClient package you wish to uninstall, then select Per-system uninstall. Ensure
you select the correct boundary collection. Specify when the advertisement will broadcast to
the members of the target collection.
3. Complete the Wizard. Ensure you delete the initial Installation Advertisement you used to
install FortiClient to prevent SCCM from reinstalling FortiClient.
Page 20
Central Management
Introduction
The purpose of this section is to provide basic instructions on how to configure, deploy, and
manage FortiClient configurations from FortiGate.
Page 21
Page 22
Page 23
Add an Accept Authentication Rule for all compliant Windows-PC clients. This rule will allow
Windows clients which have installed FortiClient, and have been registered to this FortiGate to
pass traffic.
Figure 19:Accept Authentication rule for compliant Windows-PC clients.
Add a Captive Portal Authentication Rule for all non-compliant Windows-PC clients. This rule
will redirect all Windows clients (web browser) to a dedicated portal where they can download
the client. Once registered to the FortiGate, the Endpoint Profile will be assigned.
Page 24
(Optional) Add an Accept Authentication rule to allow traffic from all other devices to pass traffic
without enforcing FortiClient Compliance.
Figure 21:Accept Authentication Rule for all other devices
Once these three Authentication rules are configured, select OK to save the new policy setting.
Your client configuration is ready for deployment.
Figure 22:Firewall policy configuration
Page 25
After the FortiGate configuration has been completed, you can proceed with FortiClient
configuration. Configure your Windows PC on the corporate network with the default gateway
set to the IP of the FortiGate.
To configure FortiClient for Endpoint Management, follow the steps listed below.
Page 26
Your personal computers default gateway IP should be configured to be the IP set on the
FortiGate interface.
Figure 25 shows an example broadcast message sent by the FortiGate, and received by
FortiClient. Select Accept to register with this FortiGate device. Upon registration, the FortiGate
will send the Endpoint Profile to FortiClient.
Figure 25:FortiGate broadcast message
Page 27
Figure 26 shows the behavior of FortiClient on initial setup. FortiClient will search for available
FortiGate devices to complete registration. Select the ? icon on the FortiClient dashboard to
retry the search.
Figure 26:FortiClient will search for an available FortiGate
If FortiClient is unable to detect a FortiGate device, enter the IP address or URL of the device
and select the Retry button as illustrated in Figure 27.
Page 28
When FortiClient locates the FortiGate, you will be prompted to confirm the registration as
illustrated in Figure 28. Select the Confirm button to complete registration.
Figure 28:Registration confirmation window
Upon successful registration, the FortiGate will deploy the endpoint configuration.
Page 29
The FortiClient console will display that it is successfully registered to the FortiGate. The
Endpoint Profile is installed on FortiClient.
Page 30
2. Configure an IPsec VPN connection from FortiClient to the management FortiGate. For more
information on configuring IPsec VPN see Create a new IPsec VPN connection on
page 50.
3. Connect to the VPN.
4. You can now search for the FortiGate gateway. See Step 2: FortiClient registration on
page 27 for more information.
5. After registration, the client is able to receive the Endpoint Profile.
Page 31
Page 32
The FortiClient user will need to enter the same registration key to successfully register
FortiClient to the FortiGate.
Page 33
AntiVirus
FortiClient AntiVirus
FortiClient v5.0.0 includes an AntiVirus module to scan system files, executables, dlls, and
drivers. FortiClient will also scan for, and remove rootkits.
This section describes how to enable AntiVirus, and configuration options.
Enable/Disable AntiVirus
To enable or disable FortiClient Real-time Protection, toggle the [Enable/Disable] option on the
FortiClient dashboard.
Notifications
Select the bell icon on the FortiClient dashboard to view all notifications. When a virus has been
detected, an exclamation icon will appear on the AntiVirus tree-menu tab. The bell icon will
change from gray to yellow.
Figure 36:Notifications window
Page 34
Scan Now
To perform on-demand AntiVirus scanning, select the Scan Now button on the FortiClient
dashboard. Use the drop-menu to select Custom Scan, Full Scan, or Quick Scan. The
dashboard notes the date of the last scan above the button.
Custom Scan runs the rootkit detection engine to detect and remove rootkits. Custom Scan
allows you to select a specific file folder on your local hard disk drive (HDD) to scan for threats.
Full Scan runs the rootkit detection engine to detect and remove rootkits. Full Scan then
performs a full system scan including all files, executables, dlls, and drivers for threats.
Quick System Scan runs the rootkit detection engine to detect and remove rootkits. Quick
System Scan only scans executable files, dlls, drivers that are currently running for threats.
Figure 37:AntiVirus Scan Now options
Page 35
Update Now
To perform on-demand update of FortiClient version, engines, and signatures, select the
Update Now button on the content pane. The content pane notes the date of the last update
above the button.
To view the current FortiClient version, engine, and signature information, select Help on the
tool-bar, and About on the drop-down menu.
Figure 38:About FortiClient page
The Database is up-to-date message on the FortiClient dashboard refers to the AntiVirus
signatures being up-to-date. Select Help > About for more information.
Page 36
Schedule Type
Scan On
For Weekly scheduled scan, select the day of the week on the
drop-down menu. For Monthly scheduled scan, the day of the month on
the drop-down menu.
Start
Select the start time on the drop-down menus. The time format is
represented in hours and minutes, 24-hour clock.
Scan Type
Page 37
File Name
Date Quarantined The date and time that the file was quarantined by FortiClient
File Information
Select a file from the list to view detailed information including the
quarantined location, status, virus name, and quarantined file name.
Logs
Refresh
Submit
Restore
Delete
Close
Page 38
Page 39
AntiVirus warning
When FortiClient Antivirus detects a virus while attempting to download a file via a
web-browser, you will receive a warning dialog message similar to Figure 42. Browse to the
Threat Quarantine menu on the dashboard to view details on the detected threat.
Figure 42:Example virus warning message
Page 40
AntiVirus logging
To configure AntiVirus logging, select File on the tool-bar, and Settings on the drop-down menu.
Select Logging to view the drop-down menu. On this menu you can configure options outlined
in the following figure and table.
Figure 43:Logging options
Logging
Enable logging for
these features
Log file
Export logs
Select to export logs to your local hard disk drive (HDD) in .log
format.
Clear logs
Upload logs to
Select to upload FortiClient logs to the registered FortiGate.
registered FortiGate
Page 41
AntiVirus options
To configure AntiVirus options, select File on the tool-bar, and Settings on the drop-down menu.
Select AntiVirus Options to view the drop-down menu. On this menu you can configure options
outlined in the following figure and table.
Figure 44:AntiVirus options
AntiVirus Options
Grayware Options
Adware
Riskware
Pause background Select to pause background scanning when your personal computer
scanning on battery is operating on battery power.
power
Page 42
When FortiClient is registered to a FortiGate, the Parental Control module will reflect Web
Filtering. You can disable Web Filtering on the FortiClient, from the FortiGate. If the FortiClient
device is behind a FortiGate, it will use the Web Filter profile on the FortiGate.
Page 43
Page 44
Application Firewall
FortiClient Application Firewall
FortiClient v5.0.0 can recognize the traffic generated by a large number of applications. You can
create rules to block or allow this traffic per category, or application.
This section describes how to enable the application firewall settings.
Page 45
Page 46
2. Select either Category or Application. For category, use the drop-down list to select a
category. For application, type either the full name of the application or first letter to search
all applications starting with the selected letter.
FortiClient Application Firewall can only block applications for which FortiGuard has an
application signature. You can submit a request to add a application signature on the
FortiGuard site.
Page 47
Page 48
Connection Name
Type
Select SSL-VPN.
Description
Remote Gateway
Port
Authentication
Username
If you selected to save login, enter the username in the dialog box.
Client Certificate
Certificate
Do not warn Invalid Select if you do not want to warned if the server presents an invalid
Server Certificate
certificate.
Page 49
Connection Name
Type
Description
Remote Gateway
Authentication
Method
X.509 Certificate,
Pre-shared Key
Authentication
(XAuth)
Username
If you selected save login, enter the username in the dialog box.
Page 50
Connect to a VPN
To connect to a VPN, select the name of the VPN from the drop-down menu. Enter your
username and password, and select the Connect button.
Figure 54:Connection options
You can also select to edit an existing VPN connection, and delete an existing VPN connection
using the drop-down menu.
When connected, the dashboard will display the connection status, duration, and other relevant
information. You can now browse your remote network. Select the Disconnect button when you
are ready to terminate the VPN session.
Page 51
Status
Duration
Bytes Received
Bytes Sent
Page 52
RedundantSortMethod = 1
This XML tag sets the IPsec VPN connection as ping-response based. The VPN will connect to
the FortiGate which responds the fastest.
Page 53
RedundantSortMethod = 0
By default, RedundantSortMethod =0, and the IPsec VPN connection is priority based. Priority
based configurations will try to connect to the FortiGate starting with the first on the list.
Page 54
VPN before logon, IPsec VPN and SSL-VPN redundancy are currently not supported in
FortiClient v5.0.0 GA (Mac OS X).
Page 55
Page 56
Page 57
Vulnerability Scan
Vulnerability Scan
FortiClient v5.0.0 includes an Vulnerability Scan module to check your personal computer for
known system vulnerabilities.
This section describes how to enable Vulnerability Scan, and configuration options.
Scan Now
To perform a vulnerability scan, select the Scan Now button on the FortiClient dashboard.
FortiClient will scan your personal computer for known vulnerabilities. The dashboard notes the
date of the last scan above the button.
Figure 56:Vulnerability scan in progress
Update Now
Select the Update Now button on the FortiClient dashboard to update the vulnerability
signature.
Page 58
View Vulnerabilities
When the scan is complete, FortiClient will display the number of vulnerabilities found on the
dashboard. Select the Found link to view a list of vulnerabilities detected on your system.
Figure 57: Vulnerabilities detected page
Details
Time
Select the Details ID number from the list to view information on the selected vulnerability on the
FortiGuard site. The site details the release date, severity, impact, description, affected
products, and recommended actions.
Page 59
Page 60
Settings
Backup or restore full configuration
To backup or restore the full configuration file, select File on the tool-bar, and Settings on the
drop-down menu. Select System to view the drop-down menu. On this menu you can perform a
backup, restore a full configuration file. You can also select to back up the configuration file to a
FortiGate device.
Figure 59:Backup and Restore options
When performing a backup, you can select the file destination, and save the file in an
unencrypted or encrypted format.
Figure 60:Backup file created successfully
Page 61
Logging
To configure logging, select File on the tool-bar, and Settings on the drop-down menu. Select
Logging to view the drop-down menu. On this menu you can configure logging for the following
features:
VPN
AntiVirus
Update
Application Firewall
Parental Control
Vulnerability
You can select to export logs, clear logs, upload logs to the registered FortiGate. When
selecting to upload the logs to a registered FortiGate, you can specify either hourly, or daily
uploads.
Figure 61:Logging options
Updates
To configure updates, select File on the tool-bar, and Settings on the drop-down menu. Select
Up-to-Date to view the drop-down menu. On this menu you can configure the behavior of
FortiClient when a new software version is available on the FortiGuard Distribution Servers.
Figure 62:Update options
Page 62
VPN options
To configure VPN options, select File on the tool-bar, and Settings on the drop-down menu.
Select VPN Options to view the drop-down menu. On this menu you can configure to enable
VPN before logon.
Figure 63:VPN options
Certificate Management
To configure VPN certificates, select File on the tool-bar, and Settings on the drop-down menu.
Select Certificate Management to view the drop-down menu. On this menu you can configure
IPsec VPN to use local certificates, and import certificates to FortiClient.
Figure 64:Certificate options
AntiVirus options
To configure AntiVirus options, select File on the tool-bar, and Settings on the drop-down menu.
Select AntiVirus Options to view the drop-down menu. On this menu you can configure
Grayware options, and the behavior of FortiClient when a virus is detected.
Figure 65:AntiVirus options
Page 63
Advanced options
To configure advanced options, select File on the tool-bar, and Settings on the drop-down
menu. Select Advanced to view the drop-down menu. On this menu you can configure WAN
Optimization, Single Sign-On, configuration sync with FortiGate, disable proxy, and the default
tab when FortiClient is started.
Figure 66:Advanced options
FortiClient/FortiAuthenticator Protocol
The FortiAuthenticator listens on a configurable TCP port. FortiClient connects to
FortiAuthenticator using TLS/SSL with two-way certificate authentication. The FortiClient sends
a logon packet to FortiAuthenticator, which replies with an acknowledgement packet.
FortiClient/FortiAuthenticator communication requires the following:
The IP address should be unique in the entire network.
The FortiAuthenticator should be accessible from clients in all locations.
The FortiAuthenticator should be accessible by all FortiGates.
FortiClient Single Sign-On mobility agent requires a FortiAuthenticator running v2.0.0 GA build
0006. Enter the FortiAuthenticator (server) IP address, and the pre-shared key configured on the
FortiAuthenticator.
Page 64
4. To enable FortiClient FSSO services on the interface, select System > Network > Interface.
select Edit to edit the network interface, select FortiClient FSSO to enable.
Figure 68:Enable services
To enable the FortiClient SSO Mobility agent service on the FortiAuthenticator, you must first
apply the applicable FortiClient license for FortiAuthenticator. For more information, see the
FortiAuthenticator v2.0 Administration Guide at http://docs.fortinet.com. For information on
purchasing a FortiClient license, please contact your authorized Fortinet reseller.
Page 65
File extensions
FortiClient supports the following four file types:
.conf
A plain-text configuration file.
.sconf
A secure (encrypted) configuration file.
.conn
A plain-text VPN connection configuration file.
.sconn
A secure (encrypted) VPN connection configuration file
A configuration file can be generated from the settings page of FortiClient GUI or by using the
command-line program: FCConfig.exe, installed with FortiClient.
File Sections
Configuration file sections
The configuration file consists of the following sections:
Meta Data
Basic data controlling the entire configuration file.
System Settings
General configurations that are not specific to any of the modules listed below (or affects
more than one module).
VPN Settings
Certificates
AntiVirus
Endpoint Control
Single Sign-on (SSO) Mobility
WAN Optimization
Page 66
Web Filtering
Application Firewall
Vulnerability Scan
Page 67
Page 68
Page 69
<address />
<port>80</port>
<username>Enc
6dc3c2c346150a7c3642622e256c6c6310387786779be239</username>
<password>Enc
a0fbf2a976157c9e4221d9afcce0b280d9f266eb55421124</password>
</proxy>
<update>
<use_custom_server>0</use_custom_server>
<server />
<port />
<timeout>60</timeout>
<failoverport>8000</failoverport>
<fail_over_to_fdn>1</fail_over_to_fdn>
<update_action>notify_only</update_action>
<scheduled_update>
<enabled>1</enabled>
<type>interval</type>
<daily_at>03:00</daily_at>
<update_interval_in_hours>3</update_interval_in_hours>
</scheduled_update>
</update>
<fortiproxy>
<enabled>1</enabled>
<enable_https_proxy>1</enable_https_proxy>
<http_timeout>60</http_timeout>
<client_comforting>
<pop3_client>1</pop3_client>
<pop3_server>1</pop3_server>
<smtp>1</smtp>
</client_comforting>
<selftest>
<enabled>0</enabled>
<last_port>65535</last_port>
<notify>0</notify>
</selftest>
</fortiproxy>
</system>
<vpn>
Fortinet Technologies Inc.
Page 70
<options>
<current_connection_name>psk_90_1</current_connection_name>
<current_connection_type>ipsec</current_connection_type>
<save_password>0</save_password>
<minimize_window_on_connect>1</minimize_window_on_connect>
<show_vpn_before_logon>1</show_vpn_before_logon>
<use_windows_credentials>1</use_windows_credentials>
<show_negotiation_wnd>0</show_negotiation_wnd>
</options>
<sslvpn>
<options>
<enabled>1</enabled>
</options>
<connections>
<connection>
<name>ssl_90_1</name>
<server>10.10.90.1;ssldemo.fortinet.com;172.17.61.143:443</server>
<username>Enc
1f62aab909838c5b3871fe47fe92b1476bc964751d50ba91ba3d88d6</username>
<password />
<certificate />
<warn_invalid_server_certificate>0</warn_invalid_server_certificate>
<prompt_certificate>0</prompt_certificate>
<prompt_username>1</prompt_username>
<on_connect>
<script>
<os>windows</os>
<script>
<!--Write MS DOS batch script inside the
CDATA tag below.
One line per command, just like a regular batch script file.
The script will be executed in the context of the user that connected
the tunnel.
Wherever you write #username# in your script, it will be automatically
substituted with the xauth username of the user that connected the
tunnel.
Wherever you write #password# in your script, it will be automatically
substituted with the xauth password of the user that connected the
tunnel.
Fortinet Technologies Inc.
Page 71
Page 72
<uselocalcert>0</uselocalcert>
<usesmcardcert>1</usesmcardcert>
</options>
<connections>
<connection>
<name>psk_90_1</name>
<type>manual</type>
<ike_settings>
<prompt_certificate>0</prompt_certificate>
<server>10.10.90.1;ipsecdemo.fortinet.com;172.17.61.143</server>
<authentication_method>Preshared
Key</authentication_method>
<auth_key>Enc
159cf2d1ef8e3a88af3eda71307fa7262d4a630c9f59e9ac7c4e480055dc</auth_key
>
<mode>aggressive</mode>
<dhgroup>5;</dhgroup>
<key_life>28800</key_life>
<localid />
<nat_traversal>1</nat_traversal>
<mode_config>1</mode_config>
<enable_local_lan>0</enable_local_lan>
<nat_alive_freq>5</nat_alive_freq>
<dpd>1</dpd>
<dpd_retry_count>3</dpd_retry_count>
<dpd_retry_interval>5</dpd_retry_interval>
<enable_ike_fragmentation>0</enable_ike_fragmentation>
<RedundantSortMethod>1</RedundantSortMethod>
<xauth>
<enabled>1</enabled>
<prompt_username>1</prompt_username>
<username>Enc
9aaa9c8b38cfc0a8ecac0eaa252eb7acbc723305b5ed5a768147f8fb</username>
<password />
</xauth>
<proposals>
<proposal>3DES|MD5</proposal>
<proposal>3DES|SHA1</proposal>
Fortinet Technologies Inc.
Page 73
<proposal>AES128|MD5</proposal>
<proposal>AES128|SHA1</proposal>
</proposals>
</ike_settings>
<ipsec_settings>
<remote_networks>
<network>
<addr>0.0.0.0</addr>
<mask>0.0.0.0</mask>
</network>
</remote_networks>
<dhgroup>5</dhgroup>
<key_life_type>seconds</key_life_type>
<key_life_seconds>1800</key_life_seconds>
<key_life_Kbytes>5120</key_life_Kbytes>
<replay_detection>1</replay_detection>
<pfs>1</pfs>
<autokey_keep_alive>0</autokey_keep_alive>
<use_vip>1</use_vip>
<virtualip>
<type>modeconfig</type>
<ip>0.0.0.0</ip>
<mask>0.0.0.0</mask>
<dnsserver>0.0.0.0</dnsserver>
<winserver>0.0.0.0</winserver>
</virtualip>
<proposals>
<proposal>3DES|MD5</proposal>
<proposal>3DES|SHA1</proposal>
<proposal>AES128|MD5</proposal>
<proposal>AES128|SHA1</proposal>
</proposals>
</ipsec_settings>
<on_connect>
<script>
<os>windows</os>
<script>
Page 74
Page 75
</on_disconnect>
</connection>
</connections>
</ipsecvpn>
</vpn>
<certificates>
<crl>
<ocsp />
</crl>
</certificates>
<antivirus>
<signature_expired_notification>0</signature_expired_notification>
<scan_on_insertion>0</scan_on_insertion>
<shell_integration>1</shell_integration>
<antirootkit>4294967295</antirootkit>
<disable_csum_cal>0</disable_csum_cal>
<scheduled_scans>
<!--zero, one or more of the following child nodes-->
<full>
<enabled>1</enabled>
<repeat>1</repeat>
<days>2</days>
<time>18:30</time>
<removable_media>1</removable_media>
<network_drives>0</network_drives>
<priority>0</priority>
</full>
</scheduled_scans>
<on_demand_scanning>
<on_virus_found>0</on_virus_found>
<pause_on_battery_power>1</pause_on_battery_power>
<automatic_virus_submission>
<enabled>0</enabled>
<smtp_server>fortinetvirussubmit.com</smtp_server>
<username />
<password>Enc
c9d988206b3fe7b8dbbf887608b24f0b92c0ba1a55118120</password>
</automatic_virus_submission>
Fortinet Technologies Inc.
Page 76
<compressed_files>
<scan>1</scan>
<maxsize>0</maxsize>
</compressed_files>
<riskware>
<enabled>1</enabled>
</riskware>
<adware>
<enabled>1</enabled>
</adware>
<heuristic_scanning>1</heuristic_scanning>
<scan_file_types>
<all_files>1</all_files>
<file_types>
<extensions>.386,.ACE,.ACM,.ACV,.ACX,.ADT,.APP,.ASD,.ASP,.ASX,.AVB,.AX
,.AX2,.BAT,.BIN,.BTM,.CDR,.CFM,.CHM,.CLA,.CLASS,.CMD,.CNN,.COM,.CPL,.C
PT,.CPY,.CSC,.CSH,.CSS,.DEV,.DLL,.DOC,.DOT,.DRV,.DVB,.DWG,.EML,.EXE,.F
ON,.GMS,.GVB,.HLP,.HTA,.HTM,.HTML,.HTT,.HTW,.HTX,.HXS,.INF,.INI,.JPG,.
JS,.JTD,.KSE,.LGP,.LIB,.LNK,.MDB,.MHT,.MHTM,.MHTML,.MOD,.MPD,.MPP,.MPT
,.MRC,.OCX,.PIF,.PL,.PLG,.PM,.PNF,.PNP,.POT,.PPA,.PPS,.PPT,.PRC,.PWZ,.
QLB,.QPW,.REG,.RTF,.SBF,.SCR,.SCT,.SH,.SHB,.SHS,.SHT,.SHTML,.SHW,.SIS,
.SMM,.SWF,.SYS,.TD0,.TLB,.TSK,.TSP,.TT6,.VBA,.VBE,.VBS,.VBX,.VOM,.VSD,
.VSS,.VST,.VWP,.VXD,.VXE,.WBK,.WBT,.WIZ,.WK,.WML,.WPC,.WPD,.WSC,.WSF,.
WSH,.XLS,.XML,.XTP</extensions>
<include_files_with_no_extension>0</include_files_with_no_extension>
</file_types>
</scan_file_types>
<exclusions>
<!--the element below can exist 0-n times-->
<!--the element below can exist 0-n times-->
<file_types>
<extensions />
</file_types>
</exclusions>
</on_demand_scanning>
<real_time_protection>
<enabled>1</enabled>
<when>0</when>
<on_virus_found>5</on_virus_found>
<popup_alerts>1</popup_alerts>
Fortinet Technologies Inc.
Page 77
<popup_registry_alerts>0</popup_registry_alerts>
<compressed_files>
<scan>1</scan>
<maxsize>2</maxsize>
</compressed_files>
<riskware>
<enabled>1</enabled>
</riskware>
<adware>
<enabled>1</enabled>
</adware>
<heuristic_scanning>
<enabled>0</enabled>
<action>3</action>
</heuristic_scanning>
<scan_file_types>
<all_files>1</all_files>
<file_types>
<extensions>.386,.ACE,.ACM,.ACV,.ACX,.ADT,.APP,.ASD,.ASP,.ASX,.AVB,.AX
,.AX2,.BAT,.BIN,.BTM,.CDR,.CFM,.CHM,.CLA,.CLASS,.CMD,.CNN,.COM,.CPL,.C
PT,.CPY,.CSC,.CSH,.CSS,.DEV,.DLL,.DOC,.DOT,.DRV,.DVB,.DWG,.EML,.EXE,.F
ON,.GMS,.GVB,.HLP,.HTA,.HTM,.HTML,.HTT,.HTW,.HTX,.HXS,.INF,.INI,.JPG,.
JS,.JTD,.KSE,.LGP,.LIB,.LNK,.MDB,.MHT,.MHTM,.MHTML,.MOD,.MPD,.MPP,.MPT
,.MRC,.OCX,.PIF,.PL,.PLG,.PM,.PNF,.PNP,.POT,.PPA,.PPS,.PPT,.PRC,.PWZ,.
QLB,.QPW,.REG,.RTF,.SBF,.SCR,.SCT,.SH,.SHB,.SHS,.SHT,.SHTML,.SHW,.SIS,
.SMM,.SWF,.SYS,.TD0,.TLB,.TSK,.TSP,.TT6,.VBA,.VBE,.VBS,.VBX,.VOM,.VSD,
.VSS,.VST,.VWP,.VXD,.VXE,.WBK,.WBT,.WIZ,.WK,.WML,.WPC,.WPD,.WSC,.WSF,.
WSH,.XLS,.XML,.XTP</extensions>
<include_files_with_no_extension>0</include_files_with_no_extension>
</file_types>
</scan_file_types>
<exclusions>
<!--the element below can exist 0-n times-->
<!--the element below can exist 0-n times-->
<file_types>
<extensions />
</file_types>
</exclusions>
</real_time_protection>
<email>
Fortinet Technologies Inc.
Page 78
<smtp>1</smtp>
<pop3>1</pop3>
<outlook>1</outlook>
<wormdetection>
<enabled>0</enabled>
<action>0</action>
</wormdetection>
<heuristic_scanning>
<enabled>0</enabled>
<action>0</action>
</heuristic_scanning>
</email>
<quarantine>
<cullage>100</cullage>
</quarantine>
<server>
<exchange>
<integrate>0</integrate>
<action>0</action>
<excludefilesystemfromscanning>0</excludefilesystemfromscanning>
<excludefileextensionsfromscanning>0</excludefileextensionsfromscannin
g>
</exchange>
<sqlserver>
<excludefilesystemfromscanning>0</excludefilesystemfromscanning>
<excludefileextensionsfromscanning>0</excludefileextensionsfromscannin
g>
</sqlserver>
</server>
</antivirus>
<endpoint_control>
<enabled>1</enabled>
<!--short keepalive timeout in ms-->
<keepalive_short_timeout>20000</keepalive_short_timeout>
<!--keepalive timeout in seconds-->
<keepalive_timeout>1800</keepalive_timeout>
Fortinet Technologies Inc.
Page 79
<custom_ping_server />
<offnet_update>1</offnet_update>
<user>Enc
bc91188bb060e59641ce75b84b0f319949f191b90b2c99565c8c</user>
<disable_unregister>0</disable_unregister>
<log_upload_enabled>0</log_upload_enabled>
<log_upload_freq_hours>1</log_upload_freq_hours>
<log_last_upload_date>1</log_last_upload_date>
<fgt_logoff_on_fct_shutdown>1</fgt_logoff_on_fct_shutdown>
<show_bubble_notifications>0</show_bubble_notifications>
<ignore_all_broadcast>0</ignore_all_broadcast>
</endpoint_control>
<fssoma>
<enabled>0</enabled>
<serveraddress />
<presharedkey>Enc
099d3d583a9748b62dd3a77a9344aa4ee8bcd6da1372edf8</presharedkey>
</fssoma>
<wan_optimization>
<enabled>0</enabled>
<support_http>1</support_http>
<support_cifs>1</support_cifs>
<support_mapi>1</support_mapi>
<support_ftp>1</support_ftp>
<max_disk_cache_size_mb>512</max_disk_cache_size_mb>
</wan_optimization>
<webfilter>
<https_enabled>1</https_enabled>
<!--use enable_filter to enable/disable WebFiltering-->
<enable_filter>1</enable_filter>
<!--enabled enables/disables the FortiGuard querying service.-->
<enabled>1</enabled>
<log_all_urls>0</log_all_urls>
<white_list_has_priority>0</white_list_has_priority>
<current_profile>0</current_profile>
<partial_match_host>0</partial_match_host>
<disable_when_managed>0</disable_when_managed>
<max_violations>5000</max_violations>
<max_violation_age>90</max_violation_age>
Fortinet Technologies Inc.
Page 80
<fortiguard>
<enabled>1</enabled>
<rate_ip_addresses>0</rate_ip_addresses>
</fortiguard>
<profiles>
<profile>
<id>0</id>
<cate_ver>6</cate_ver>
<description />
<name />
<temp_whitelist_timeout>300</temp_whitelist_timeout>
<categories>
<category>
<id>1
<!--Drug Abuse (Potentially Liable)-->
</id>
<action>deny</action>
</category>
<category>
<id>2
<!--Alternative Beliefs (Adult/Mature
Content)-->
</id>
<action>deny</action>
</category>
<category>
<id>3
<!--Hacking (Potentially Liable)-->
</id>
<action>deny</action>
</category>
<category>
<id>4
<!--Illegal or Unethical (Potentially
Liable)-->
</id>
<action>deny</action>
</category>
<category>
Fortinet Technologies Inc.
Page 81
<id>5
<!--Discrimination (Potentially Liable)-->
</id>
<action>deny</action>
</category>
<category>
<id>6
<!--Explicit Violence (Potentially Liable)-->
</id>
<action>deny</action>
</category>
<category>
<id>7
<!--Abortion (Adult/Mature Content)-->
</id>
<action>deny</action>
</category>
<category>
<id>8
<!--Other Adult Materials (Adult/Mature
Content)-->
</id>
<action>deny</action>
</category>
<category>
<id>9
<!--Advocacy Organizations (Adult/Mature
Content)-->
</id>
<action>deny</action>
</category>
<category>
<id>11
<!--Gambling (Adult/Mature Content)-->
</id>
<action>deny</action>
</category>
<category>
<id>12
Fortinet Technologies Inc.
Page 82
Page 83
</id>
<action>deny</action>
</category>
<category>
<id>59
<!--Proxy Avoidance (Potentially Liable)-->
</id>
<action>deny</action>
</category>
<category>
<id>61
<!--Phishing (Security Risk)-->
</id>
<action>deny</action>
</category>
<category>
<id>62
<!--Plagiarism (Potentially Liable)-->
</id>
<action>deny</action>
</category>
<category>
<id>64
<!--Alcohol (Adult/Mature Content)-->
</id>
<action>deny</action>
</category>
<category>
<id>65
<!--Tobacco (Adult/Mature Content)-->
</id>
<action>deny</action>
</category>
<category>
<id>83
<!--Child Abuse (Potentially Liable)-->
</id>
<action>deny</action>
Fortinet Technologies Inc.
Page 84
</category>
<category>
<id>86
<!--Spam URLs (Security Risk)-->
</id>
<action>deny</action>
</category>
</categories>
</profile>
<profile>
<id>2</id>
<cate_ver>6</cate_ver>
<description>deny</description>
<name>deny</name>
<temp_whitelist_timeout>300</temp_whitelist_timeout>
<categories>
<category>
<id>26
<!--Malicious Websites (Security Risk)-->
</id>
<action>deny</action>
</category>
<category>
<id>61
<!--Phishing (Security Risk)-->
</id>
<action>deny</action>
</category>
<category>
<id>86
<!--Spam URLs (Security Risk)-->
</id>
<action>deny</action>
</category>
</categories>
</profile>
<!-This is a table of all Web Filter categories (Id ==> Category Name)
Fortinet Technologies Inc.
Page 85
0 ==> Unrated
1 ==> Drug Abuse
2 ==> Alternative Beliefs
3 ==> Hacking
4 ==> Illegal or Unethical
5 ==> Discrimination
6 ==> Explicit Violence
7 ==> Abortion
8 ==> Other Adult Materials
9 ==> Advocacy Organizations
11 ==> Gambling
12 ==> Extremist Groups
13 ==> Nudity and Risque
14 ==> Pornography
15 ==> Dating
16 ==> Weapons (Sales)
17 ==> Advertising
18 ==> Brokerage and Trading
19 ==> Freeware and Software Downloads
20 ==> Games
23 ==> Web-based Email
24 ==> File Sharing and Storage
25 ==> Streaming Media and Download
26 ==> Malicious Websites
28 ==> Entertainment
29 ==> Arts and Culture
30 ==> Education
31 ==> Finance and Banking
33 ==> Health and Wellness
34 ==> Job Search
35 ==> Medicine
36 ==> News and Media
37 ==> Social Networking
38 ==> Political Organizations
39 ==> Reference
40 ==> Global Religion
41 ==> Search Engines and Portals
42 ==> Shopping and Auction
Fortinet Technologies Inc.
Page 86
Page 87
Page 88
Page 89
</ui>
</system>
<vpn>
<options>
<autoconnect_tunnel>ssl 198 no cert</autoconnect_tunnel>
</options>
<ipsecvpn>
<options>
<enabled>1</enabled>
</options>
<connections>
<connection>
<name>ipsec</name>
<type>manual</type>
<ike_settings>
<prompt_certificate>0</prompt_certificate>
<description></description>
<server>172.17.61.166</server>
<authentication_method>Preshared
Key</authentication_method>
<auth_key>Enc
420d2ee65abded897a69c50f49950859b45c780adb269f3aa69aaa6690d2984032</au
th_key>
<mode>aggressive</mode>
<dhgroup>5</dhgroup>
<key_life>28800</key_life>
<localid></localid>
<nat_traversal>1</nat_traversal>
<mode_config>1</mode_config>
<dpd>1</dpd>
<xauth>
<enabled>1</enabled>
<prompt_username>0</prompt_username>
<username>Enc
420d2ee65abded897a69c50f49954d0df619498b1925dd2d993abf54be</username>
<password>Enc
420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</password>
</xauth>
<proposals>
<proposal>3des|md5</proposal>
Fortinet Technologies Inc.
Page 90
<proposal>3des|sha1</proposal>
<proposal>aes128|md5</proposal>
<proposal>aes128|sha1</proposal>
<proposal>aes256|md5</proposal>
<proposal>aes256|sha1</proposal>
<proposal>aes|md5</proposal>
<proposal>aes|sha1</proposal>
<proposal>des|md5</proposal>
<proposal>des|sha1</proposal>
</proposals>
</ike_settings>
<ipsec_settings>
<remote_networks></remote_networks>
<dhgroup>5</dhgroup>
<key_life_type>seconds</key_life_type>
<key_life_seconds>1800</key_life_seconds>
<pfs></pfs>
<use_vip>1</use_vip>
<virtualip>
<type>modeconfig</type>
<ip></ip>
<mask></mask>
<dnsserver></dnsserver>
</virtualip>
<proposals></proposals>
</ipsec_settings>
<on_connect>
<script>
<os>mac</os>
<script></script>
</script>
</on_connect>
<on_disconnect>
<script>
<os>mac</os>
<script></script>
</script>
</on_disconnect>
Fortinet Technologies Inc.
Page 91
<keep_running>0</keep_running>
</connection>
</connections>
</ipsecvpn>
<sslvpn>
<options>
<enabled>1</enabled>
</options>
<connections>
<connection>
<name>ssl 198 no cert</name>
<description></description>
<server>172.17.61.198:443</server>
<username>Enc
420d2ee65abded897a69c50f49954d0df619498b1925dd2d993abf54be</username>
<password>Enc
420d2ee65abded897a69c50f49950859b45c780aea0e9804dac646c9f6c4b4</passwo
rd>
<certificate>Enc
420d2ee65abded897a69c50f4995397969f1c1f949055d8e51</certificate>
<warn_invalid_server_certificate>1</warn_invalid_server_certificate>
<prompt_certificate>0</prompt_certificate>
<prompt_username>0</prompt_username>
<on_connect>
<script>
<os>mac</os>
<script>/bin/mkdir /Volumes/installers
/sbin/ping -c 4 192.168.1.147 > /Users/admin/Desktop/dropbox/p.txt
/sbin/mount -t smbfs //qa:111111@192.168.1.147/installers
/Volumes/installers/ > /Users/admin/Desktop/dropbox/m.txt
/bin/mkdir /Users/admin/Desktop/dropbox/dir
/bin/cp /Volumes/installers/*.log
/Users/admin/Desktop/dropbox/dir/.</script>
</script>
</on_connect>
<on_disconnect>
<script>
<os>mac</os>
<script>/sbin/umount /Volumes/installers
Page 92
Page 93
<white_list_has_priority>0</white_list_has_priority>
<partial_match_host>0</partial_match_host>
<fortiguard>
<enabled>0</enabled>
<rate_ip_addresses>0</rate_ip_addresses>
</fortiguard>
<show_bubble_notifications>0</show_bubble_notifications>
<profiles>
<profile>
<id>0</id>
<display_name>Default Profile</display_name>
<description></description>
<cate_ver>0</cate_ver>
<categories>
<category>
<id>1</id>
<action>deny</action>
</category>
<category>
<id>2</id>
<action>deny</action>
</category>
<category>
<id>3</id>
<action>deny</action>
</category>
<category>
<id>4</id>
<action>deny</action>
</category>
<category>
<id>5</id>
<action>deny</action>
</category>
<category>
<id>6</id>
<action>deny</action>
</category>
Fortinet Technologies Inc.
Page 94
<category>
<id>7</id>
<action>deny</action>
</category>
<category>
<id>8</id>
<action>deny</action>
</category>
<category>
<id>9</id>
<action>deny</action>
</category>
<category>
<id>11</id>
<action>deny</action>
</category>
<category>
<id>12</id>
<action>deny</action>
</category>
<category>
<id>13</id>
<action>deny</action>
</category>
<category>
<id>14</id>
<action>deny</action>
</category>
<category>
<id>15</id>
<action>deny</action>
</category>
<category>
<id>16</id>
<action>deny</action>
</category>
<category>
<id>26</id>
Fortinet Technologies Inc.
Page 95
<action>deny</action>
</category>
<category>
<id>32</id>
<action>deny</action>
</category>
<category>
<id>57</id>
<action>deny</action>
</category>
<category>
<id>59</id>
<action>deny</action>
</category>
<category>
<id>61</id>
<action>deny</action>
</category>
<category>
<id>62</id>
<action>deny</action>
</category>
<category>
<id>64</id>
<action>deny</action>
</category>
<category>
<id>65</id>
<action>deny</action>
</category>
<category>
<id>83</id>
<action>deny</action>
</category>
<category>
<id>86</id>
<action>deny</action>
</category>
Fortinet Technologies Inc.
Page 96
</categories>
<urls></urls>
</profile>
<profile>
<id>1000</id>
<display_name>1000</display_name>
<description></description>
<cate_ver>6</cate_ver>
<categories>
<category>
<id>2</id>
<action>deny</action>
</category>
<category>
<id>7</id>
<action>deny</action>
</category>
<category>
<id>8</id>
<action>deny</action>
</category>
<category>
<id>9</id>
<action>deny</action>
</category>
<category>
<id>11</id>
<action>deny</action>
</category>
<category>
<id>13</id>
<action>deny</action>
</category>
<category>
<id>14</id>
<action>deny</action>
</category>
<category>
Fortinet Technologies Inc.
Page 97
<id>15</id>
<action>deny</action>
</category>
<category>
<id>16</id>
<action>deny</action>
</category>
<category>
<id>19</id>
<action>deny</action>
</category>
<category>
<id>24</id>
<action>deny</action>
</category>
<category>
<id>25</id>
<action>deny</action>
</category>
<category>
<id>26</id>
<action>deny</action>
</category>
<category>
<id>30</id>
<action>deny</action>
</category>
<category>
<id>57</id>
<action>deny</action>
</category>
<category>
<id>61</id>
<action>deny</action>
</category>
<category>
<id>63</id>
<action>deny</action>
Fortinet Technologies Inc.
Page 98
</category>
<category>
<id>64</id>
<action>deny</action>
</category>
<category>
<id>65</id>
<action>deny</action>
</category>
<category>
<id>66</id>
<action>deny</action>
</category>
<category>
<id>67</id>
<action>deny</action>
</category>
<category>
<id>72</id>
<action>deny</action>
</category>
<category>
<id>75</id>
<action>deny</action>
</category>
<category>
<id>76</id>
<action>deny</action>
</category>
<category>
<id>86</id>
<action>deny</action>
</category>
</categories>
<urls></urls>
</profile>
</profiles>
</webfilter>
Fortinet Technologies Inc.
Page 99
<firewall>
<enabled>1</enabled>
<show_bubble_notifications>1</show_bubble_notifications>
<current_profile>1000</current_profile>
<profiles>
<profile>
<id>0</id>
<rules>
<rule>
<id></id>
<filter>
<category>5</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>6</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
Fortinet Technologies Inc.
Page 100
<filter>
<category>7</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>15</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>18</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
Fortinet Technologies Inc.
Page 101
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>19</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>20</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
</rules>
</profile>
<profile>
<id>1000</id>
<rules>
<rule>
<id></id>
<filter>
Fortinet Technologies Inc.
Page 102
<category>2</category>
<vendor>All</vendor>
<behavior>All</behavior>
<technology>All</technology>
<protocol>All</protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>5</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>19</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
Fortinet Technologies Inc.
Page 103
</rule>
<rule>
<id></id>
<filter>
<category>21</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>24</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>8</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
Fortinet Technologies Inc.
Page 104
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>12</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>1</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>15</category>
<vendor></vendor>
Fortinet Technologies Inc.
Page 105
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>6</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>7</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
Fortinet Technologies Inc.
Page 106
<id></id>
<filter>
<category>23</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>22</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>17</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
Fortinet Technologies Inc.
Page 107
<action>block</action>
<enabled>1</enabled>
</rule>
<rule>
<id></id>
<filter>
<category>3</category>
<vendor></vendor>
<behavior></behavior>
<technology></technology>
<protocol></protocol>
<application></application>
<popularity></popularity>
</filter>
<action>block</action>
<enabled>1</enabled>
</rule>
</rules>
</profile>
</profiles>
</firewall>
<vulnerability_scan>
<enabled>1</enabled>
<scheduled_scans>
<schedule>
<scan_on_fgt_registration>0</scan_on_fgt_registration>
<repeat>2</repeat>
<type>24</type>
<day>31</day>
<time>00:00:00</time>
</schedule>
</scheduled_scans>
</vulnerability_scan>
<antivirus>
<scheduled_scans>
<full>
<enabled>1</enabled>
<repeat>1</repeat>
Fortinet Technologies Inc.
Page 108
<days>2</days>
<time>18:30</time>
<removable_media>1</removable_media>
</full>
</scheduled_scans>
<on_demand_scanning>
<on_virus_found>4</on_virus_found>
<compressed_files>
<scan>1</scan>
<maxsize>0</maxsize>
</compressed_files>
<riskware>
<enabled>0</enabled>
</riskware>
<adware>
<enabled>0</enabled>
</adware>
<heuristic_scanning>0</heuristic_scanning>
<exclusions></exclusions>
</on_demand_scanning>
<real_time_protection>
<enabled>1</enabled>
<when>0</when>
<on_virus_found>5</on_virus_found>
<popup_alerts>1</popup_alerts>
<compressed_files>
<scan>1</scan>
<maxsize>2</maxsize>
</compressed_files>
<riskware>
<enabled>0</enabled>
</riskware>
<adware>
<enabled>0</enabled>
</adware>
<heuristic_scanning>
<enabled>0</enabled>
<action>0</action>
Fortinet Technologies Inc.
Page 109
</heuristic_scanning>
<exclusions></exclusions>
</real_time_protection>
<quarantine>
<cullage>100</cullage>
</quarantine>
</antivirus>
</forticlient_configuration>
Page 110
FortiClient Tools
Tools
FortiClient includes various utility tools and files to help with installations.
Windows
The following tools and files are available in the FortiClientTools zip file:
FortiClientConfigurator
FortiClientConfiguratorGUI.exe /FortiClientConfigurator.exe
An installer configuration tool that is used to create customized MSI files.
OnlineInstaller
FortiClientInstaller.exe
This is an installer, which, when run on a Windows client, will connect to the FDS to
download and install the full FortiClient application.
FortiGate
FCInstallerLight.exe
This utility is not intended for end users. It is used in conjunction with the Endpoint
Control feature in FortiOS v5.0. Endpoint Control will redirect all users detected as not
running FortiClient to a dedicated portal. From this portal, the user can download
FCInstallerLight.exe, which will then subsequently download the full FortiClient
installation from the FDS servers.
SupportUtils
FCRemove.exe
FCRemove.exe is a clean-up tool for use only if the Add/Remove Programs feature in
Windows fails to remove FortiClient completely.
FortiClient_Diagnostic_Tool.exe
This tool can be run on the command line to collect information on the locally installed
FortiClient application. Examples of data collected includes: FortiClient version and build
number, log files, configuration file, and VPN tunnel configuration. This can be sent to
Fortinet support team for investigation of customer-reported issues.
ReinstallNIC.exe
A utility to uninstall and reinstall the Windows NIC driver if the user is having problems
with DHCP acquisition after FortiClient is installed (Windows 7 or higher ONLY).
Mac OS X
The following tools and files are available in the FortiClientTools zip file:
OnlineInstaller
FortiClient_4.9.29.68_Installer.dmg
This is an installer, which, when run on a Mac OS X client, will connect to the FDS to download
and install the full FortiClient application.
Page 111
Index
A
antivirus
custom scan 35, 37
enable or disable 34
exclusion list 39
full scan 35, 37
logging 41
notifications 34
perform on-demand scanning 35
quick scan 35, 37
schedule a scan 37
update now 36
view quarantined threats 38
application firewall
application firewall rules 46
enable or disable 45
logging 47
view applications blocked 45
licensing 7
C
CLI
backup 67
export VPN tunnel configuration 67
import VPN tunnel 67
restore 67
M
MSI
custom MSI installation 17
FortiClient Configurator 17
Microsoft Active Directory 18
Microsoft System Center Configuration Manager 19
R
registration key 33
S
settings
advanced options 64
antivirus 63
backup or restore the full configuration file 61
certificate management 63
logging 62
SSO mobility agent 64
updates 62
VPN options 63
tools
FortiClientConfigurator 111
MSI 111
forticlient
licensing 7
FortiClient Endpoint Registration 32
grayware 10
vulnerability scan
Bugtraq ID 59
logging 60
perform a vulnerability scan 58
update now 58
view scan results 59
installation
EULA 11, 14
forticlient 11, 14
language support 9
minimum system requirements 8
setup wizard 11, 14
supported operating systems 8
XML
always up 54
autoconnect 54
configuration file 66
connect VPN before logon 53
create a redundant IPsec VPN 55
priority based SSL-VPN connections 54
Page 112