Forticlient
Forticlient
Forticlient
FortiClient
Highlights
n Vulnerability
Assessment endpoint visibility through telemetry and ensures that all
n Centralized
Security Fabric components – FortiGate, FortiAnalyzer, EMS,
Management,
Logging, Reporting managed APs, managed Switches, and FortiSandbox – have
FortiGate integrations
a unified view of endpoints in order to provide tracking and
n
n Managed Services
available awareness, compliance enforcement, and reporting. Traditional
On-premise and
n
virtual private network (VPN) tunnels or new, automatic ZTNA
Cloud Management
options tunnels provide secure remote connectivity. Provide security
and protection for endpoints when local or remote.
1
FortiClient Data Sheet
Available in Features
Unified Endpoint features including compliance, protection, and secure access into a single
modular lightweight client. FortiClient is the agent for VPN, ZTNA, and Security Fabric
Virtual telemetry and is incorporated into FortiSASE, FortiNAC, and FortiPAM.
Universal ZTNA, with automatic, encrypted tunnels for controlled validated per-session access
to applications.
Advanced Threat Protection against exploits and advanced malware, powered by FortiGuard
along with FortiSandbox integration.
Hosted
Simplified Management and Policy Enforcement with FortiClient EMS, FortiClient Cloud, and
FortiGate.
2
FortiClient Data Sheet
Benefits
Universal ZTNA
FortiClient Universal ZTNA works with FortiOS to enable secure granular access to applications
no matter if the user is local or remote. Each session is initiated with an automatic, encrypted
tunnel from FortiClient to the FortiOS ZTNA Application Gateway for user and device
verification. If verified, access is granted for that session. You can also use multifactor
authentication to provide an additional layer of security. With Universal ZTNA, organizations
benefit from both a better remote access solution and a consistent policy for controlled access
to applications irrespective of endpoint location.
Vulnerability Assessment
FortiClient can reduce the attack surface by scanning endpoints for vulnerabilities and sharing
that information for appropriate action. Any vulnerabilities can be leveraged by firewall policies,
by ZTNA policies, or could result in quarantining of the endpoint.
3
FortiClient Data Sheet
Benefits continued
VPN
FortiClient provides flexible options for VPN connectivity. The split tunneling feature enables
remote users on VPNs to access the Internet without their traffic having to pass through
the corporate VPN headend, as in a typical VPN tunnel. This feature reduces latency, which
improves user experience. At the same time, FortiClient includes protections to ensure that
Internet-based transactions cannot backflow into the VPN connection and jeopardize the
corporate network.
In addition to simple remote connectivity, FortiClient simplifies the remote user experience with
features such as autoconnect and always-on VPN, as well as dynamic VPN gate selection. You
can also use multifactor authentication to provide an additional layer of security.
Ransomware Protection
Ransomware attacks have increased recently. In response, FortiClient has introduced new
ransomware protection, with the ability to roll back changes made by malicious programs,
putting the endpoint back to a preinfection state.
Flexible Licensing
The benefits of FortiClient are available through either the traditional device-based licensing
or the new user-based FortiTrust licensing. Both options offer the same functionality and allow
customers to decide how they want to subscribe to the benefits of FortiClient.
4
FortiClient Data Sheet
FortiClient Services
The managed services team works with customers to set up and configure their
FortiClient Managed Services FortiClient Cloud environment for the following capabilities:
include: cloud provisioning,
• Endpoint groups setup
onboarding, vulnerability
monitoring, setup and • ZTNA
integration.
• VPN
• Endpoint security
• Vulnerability management
• Security profiles and policies configuration
• Endpoint posture check rules
• Custom FortiClient installer creation and ongoing installer updates
Endpoint Onboarding
The managed services team creates customer FortiClient installers for customer-specific use
cases, sends invitation emails to users, and onboards them for FortiClient Cloud management
and provisioning.
The managed services team integrates FortiClient Cloud with the Fortinet Security Fabric
to support uses cases such as ZTNA, incidence response, and automation.
The managed services team monitors customer endpoints to identify high risk endpoints
and alert them of endpoints with critical and high vulnerabilities that would be easy targets
for cyber attacks. The managed services team detects, reports, and guides customers to
remediate those vulnerable endpoints.
5
FortiClient Data Sheet
Additional Services
6
FortiClient Data Sheet
Feature Highlights
FortiSandbox integrations assist with configuration and suspicious file analysis. Sandbox
settings are synchronized across managed endpoints, simplifying setup. A detailed analysis of
FortiClient submitted files is available in the central management tools. Administrators can see
all the behavior activity of a file, including graphic visualization of the full process tree.
FortiGate Integrations
Telemetry provides real-time endpoint visibility (including user avatar) on FortiGate console
so administrators can get a comprehensive view of the whole network. Telemetry also ensures
that all fabric components have a unified view of the endpoints.
FortiGate provides awareness
and control over all your Dynamic Access Control for Compliance Enforcement requires EMS to create virtual groups
endpoints. based on endpoint security posture. These virtual groups are then retrieved by FortiGate and
used in firewall policy for dynamic access control. Dynamic groups help automate and simplify
compliance to security policies.
Endpoint Quarantine helps to quickly disconnect a compromised endpoint from the network
and stop it from infecting other assets.
Automated Response helps detect and isolate suspicious or compromised endpoints without
manual intervention.
Application-based Split Tunnel supports source application-based split tunnel, where you can
specify application traffic to exclude from the VPN tunnel, such as high bandwidth apps.
Web Filtering with Keyword Search / YouTube Filters blocks web pages containing words or
patterns that you specify as well as limit users’ access by blocking or only allowing specified
YouTube channels.
7
FortiClient Data Sheet
Bundles
FortiPAM Support ✓⃝ ✓⃝ ✓⃝
AI powered NGAV ✓⃝ ✓⃝
Application Firewall3 ✓⃝ ✓⃝
Software Inventory ✓⃝ ✓⃝
Ransomware Protection 4 ✓⃝ ✓⃝
Endpoint Onboarding ✓⃝
Initial Provisioning ✓⃝
Vulnerability Monitoring ✓⃝
Additional Services
Best Practice Service (BPS) Consultation Account add-on Account add-on N/A Account add-on
24x7 Support ✓⃝ ✓⃝ ✓⃝ ✓⃝
FortiGuard Forensics Analysis Service Option Account add-on Account add-on Account add-on Account add-on
CERTIFIED
8
FortiClient Data Sheet
Endpoint Telemetry1 ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝
Web Filter2 ✓⃝ ✓⃝ ✓⃝ ✓⃝ ✓⃝
IPSec VPN ✓⃝ ✓⃝ ✓⃝
FortiPAM Agent ✓⃝
Endpoint Security
Antivirus ✓⃝ ✓⃝ ✓⃝
AntiExploit ✓⃝
Application Firewall ✓⃝ ✓⃝
Microsoft Windows 7 (32-bit and 64-bit) Microsoft Windows Server 2012 or later
Microsoft Windows 10 (32-bit and 64-bit) FortiClient 6.4 or later, FortiClient for Windows and macOS X, 6.4 for iOS and Android
Microsoft Windows Server 2012 or later 2.0 GHz 64-bit processor, six virtual CPUs, 8 GB RAM, 40 GB free hard disk,
Gigabit (10/100/1000BaseT)
macOS 10.14 or later
Ethernet adapter, Internet access
iOS 9.0 or later
Linux Ubuntu 16.04 and later, Red Hat 7.4 and later, CentOS 7.4 and later with
KDE or GNOME
Authentication Options
RADIUS, LDAP, local database, xAuth, TACACS+, digital certificate (X509 format),
FortiToken
Connection Options
9
FortiClient Data Sheet
Order Information
You can order FortiClient based on the number of devices. The following table reflects the latest FortiClient device-based
license packs.
EDITION ZTNA EPP/APT MANAGED CHROMEBOOK
SaaS (Cloud Hosted EMS)
25-pack FC1-10-EMS05-428-01-DD FC1-10-EMS05-429-01-DD FC1-10-EMS05-485-01-DD FC1-10-EMS05-403-01-DD
500-pack FC2-10-EMS05-428-01-DD FC2-10-EMS05-429-01-DD FC2-10-EMS05-485-01-DD FC2-10-EMS05-403-01-DD
2000-pack FC3-10-EMS05-428-01-DD FC3-10-EMS05-429-01-DD FC3-10-EMS05-485-01-DD FC3-10-EMS05-403-01-DD
10 000 pack FC4-10-EMS05-428-01-DD FC4-10-EMS05-429-01-DD FC4-10-EMS05-485-01-DD FC4-10-EMS05-403-01-DD
On Premise
25-pack FC1-10-EMS04-428-01-DD FC1-10-EMS04-429-01-DD FC1-10-EMS04-403-01-DD
500-pack FC2-10-EMS04-428-01-DD FC2-10-EMS04-429-01-DD FC2-10-EMS04-403-01-DD
2000-pack FC3-10-EMS04-428-01-DD FC3-10-EMS04-429-01-DD FC3-10-EMS04-403-01-DD
10 000 pack FC4-10-EMS04-428-01-DD FC4-10-EMS04-429-01-DD FC4-10-EMS04-403-01-DD
FortiCare Best Practices Consultation Service
25-999 endpoints FC1-10-FCBPS-310-02-DD
1000-9999 endpoints FC2-10-FCBPS-310-02-DD
10 000+ endpoints FC5-10-FCBPS-310-02-DD
Training Services
Classroom - virtual ILT FT-FCT
Lab access - standard NSE training
FT-FCT-LAB
lab environment
NSE5 exam voucher NSE-EX-SPL5
You can order FortiClient based on the number of users. The following table reflects the latest FortiTrust user-based license
ranges.
FORTITRUST USER-BASED LICENSE RANGES
SOLUTION SKU LICENSE VPN/ ZTNA EPP/ APT MANAGED
100-499 users FC2-10-EMS05-509-02-DD FC2-10-EMS05-546-02-DD FC2-10-EMS05-556-02-DD
500-1999 users FC3-10-EMS05-509-02-DD FC3-10-EMS05-546-02-DD FC3-10-EMS05-556-02-DD
Cloud-hosted EMS
2000-9999 users FC4-10-EMS05-509-02-DD FC4-10-EMS05-546-02-DD FC4-10-EMS05-556-02-DD
10 000+ users FC5-10-EMS05-509-02-DD FC5-10-EMS05-546-02-DD FC5-10-EMS05-556-02-DD
The following table reflects the latest licenses for the Forensic Analysis Service.
FORENSIC ANALYSIS SERVICE
SOLUTION SKU LICENSE VPN/ ZTNA VPN/ ZTNA + EPP/ APT MANAGED
25-pack FC1-10-EMS05-537-01-DD FC1-10-EMS05-538-01-DD FC1-10-EMS05-539-01-DD
500-pack FC2-10-EMS05-537-01-DD FC2-10-EMS05-538-01-DD FC2-10-EMS05-539-01-DD
Device-based Licenses
2000-pack FC3-10-EMS05-537-01-DD FC3-10-EMS05-538-01-DD FC3-10-EMS05-539-01-DD
10 000-pack FC4-10-EMS05-537-01-DD FC4-10-EMS05-538-01-DD FC4-10-EMS05-539-01-DD
100-499 users FC2-10-EMS05-557-02-DD FC2-10-EMS05-558-02-DD FC2-10-EMS05-559-02-DD
FortiTrust 500-1999 users FC3-10-EMS05-557-02-DD FC3-10-EMS05-558-02-DD FC3-10-EMS05-559-02-DD
(User-based Licenses) 2000-9999 users FC4-10-EMS05-557-02-DD FC4-10-EMS05-558-02-DD FC4-10-EMS05-559-02-DD
10 000+ users FC5-10-EMS05-557-02-DD FC5-10-EMS05-558-02-DD FC5-10-EMS05-559-02-DD
10
Fortinet Corporate Social Responsibility Policy
Fortinet is committed to driving progress and sustainability for all through cybersecurity, with
respect for human rights and ethical business practices, making possible a digital world you
can always trust. You represent and warrant to Fortinet that you will not use Fortinet’s products
and services to engage in, or support in any way, violations or abuses of human rights, including
those involving illegal censorship, surveillance, detention, or excessive use of force. Users of
Fortinet products are required to comply with the Fortinet EULA and report any suspected
violations of the EULA via the procedures outlined in the Fortinet Whistleblower Policy.
www.fortinet.com
Copyright © 2023 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.
FCT-DAT-R38-20231128