The default FortiClient profile has only AntiVirus, Web Filter, and VPN options enabled. You can modify this profile or create your own FortiClient profiles, including settings for iOS and Android devices.
It is possible for more than one profile to be assigned to a device type. As with security policies, clients are matched to FortiClient profiles in the order that the profiles appear in the list.
To create a FortiClient profile - web-based manager:
1. If you will use the Application Firewall feature, go to Security Profiles > Application Control to create the Application Sensors that you will need.
2. If you will use Web Category Filtering, go to Security Profiles > Web Filter to create the Web Filter Profile that you will need.
3. Go to Security Profiles > FortiClient Profiles.
If there is only the default FortiClient profile, it will be displayed and ready to edit. At the top right of the page you can select or create other profiles.
4. Select Create New, or select an existing profile and Edit it.
5. In Assign Profile To, select the device groups, user groups, and users to which this FortiClient profile applies.
This is not available for the default profile.
6. Configure the FortiClient Profile under the following tabs: Security, VPN, Advanced, and Mobile:
Security option: Description

AntiVirus
    Realtime Protection: Enable to configure AV options, including Scan File Downloads, Block malicious websites, and Block attack channels.
    Scheduled Scan: Enable to configure the following:
        - Type: Select from Quick, Full, or Custom.
        - Schedule: Select from Daily, Weekly, or Monthly.
        - Time: Select when the scan should take place.
    Excluded Paths: Enable to add paths you wish to be excluded from AV scanning.
Web Filter
    Profile: Select which Web Filter Profile you wish to use.
    Client Side when On-Net: Select to enable client side web filtering when the device is On-Net.
Application Firewall
    Application Control list: Select which Application Control Sensor you wish to use.
    Monitor unknown applications: Enable to monitor any applications that do not fall into any Application Control categories.

VPN option: Description

VPN
    Client VPN Provisioning: Enable to configure the FortiClient VPN client, and enter the VPN configuration details.
    Allow user defined VPN: Enable to accept VPN tunnels for specific users.
    VPN before Windows logon: Enable to establish the VPN connection before logging in to Windows.

Advanced option: Description

    Install CA Certificates: Enable to force the FortiClient endpoint to download CA Certificates from the FortiGate.
    Disable Unregister Option: Enable to prevent managed endpoints from unregistering.
    Upload Logs to FortiAnalyzer: Enable to determine where FortiClient will upload its logs. Same as System will send the logs as configured via Log & Report > Log Settings. Select Specify to upload them elsewhere.
    FortiManager updates: Enable to download client signature updates from FortiManager from specified IP addresses. Also, you can Failover to FDN when FortiManager is not available.
    Dashboard Banner: Enable to display the dashboard banner.
    Client-based Logging when On-Net: Enable to always save logs on the client. Logs can be viewed with the FortiClient Console.
    Single Sign-on Mobility Agent: Enable to configure a specific server with a pre-shared key for SSO.

Mobile option: Description

iOS
    Web Filter: Select which Web Filter Profile you wish to use, and select Client Side when On-Net to enable client side web filtering when the iOS device is On-Net.
    Client VPN Provisioning: Enable to configure the FortiClient VPN client, and enter the VPN configuration details.
    Distribute Configuration Profile: Enable to select and upload a '.mobileconfig' file that will be distributed to iOS devices.
Android
    Web Filter: Select which Web Filter Profile you wish to use, and select Client Side when On-Net to enable client side web filtering when the Android device is On-Net.
    Client VPN Provisioning: Enable to configure the FortiClient VPN client, and enter the VPN configuration details.
7. Select Apply.
To create a FortiClient profile - CLI:
This example creates a profile for Windows and Mac computers.

    config endpoint-control profile
        edit ep-profile1
            set device-groups mac windows-pc
            config forticlient-winmac-settings
                set forticlient-av enable
                set forticlient-wf enable
                set forticlient-wf-profile default
            end
    end
To install CA certificates - CLI:
    config endpoint-control profile
        edit <profile>
            config forticlient-winmac-settings
                set install-ca-certificate [enable | disable]
            end
        next
    end
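Because clients are matched to profiles in list order, a permissive profile placed early can claim clients before a stricter profile further down is ever considered. The Python sketch below is an added example, not Fortinet code: it parses a "config endpoint-control profile" block in the CLI syntax shown above, reports which profile a device group hits first, and flags profiles where forticlient-av or forticlient-wf is not explicitly enabled. The sample configuration and its profile names are constructed, matching is modelled on device groups only, and every statement is assumed to fit on one line.

```python
import shlex

ROOT = "endpoint-control profile"

# Constructed sample in the CLI syntax shown above; profile names are made up.
SAMPLE = """\
config endpoint-control profile
    edit ep-legacy
        set device-groups windows-pc
        config forticlient-winmac-settings
            set forticlient-av disable
        end
    next
    edit ep-profile1
        set device-groups mac windows-pc
        config forticlient-winmac-settings
            set forticlient-av enable
            set forticlient-wf enable
        end
    next
end
"""

def parse_profiles(text):
    """Return [(name, settings)] in list order; nested 'set' keys are flattened."""
    profiles, stack, current = [], [], None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]          # blank lines match no branch
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))      # track which section we are in
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and len(tok) > 1 and stack == [ROOT]:
            current = {}
            profiles.append((tok[1], current))
        elif tok[0] == "set" and len(tok) > 1 and current is not None and stack[:1] == [ROOT]:
            current[tok[1]] = tok[2:]
    return profiles

def first_match(profiles, device_group):
    """Simplified model of in-order matching: first profile listing the group wins."""
    return next((n for n, s in profiles if device_group in s.get("device-groups", [])), None)

def audit(profiles, required=("forticlient-av", "forticlient-wf")):
    """List (profile, key, value) where a required feature is not explicitly 'enable'."""
    return [(n, k, (s.get(k) or ["unset"])[0])
            for n, s in profiles for k in required
            if s.get(k) != ["enable"]]
```

In the sample, windows-pc clients land on ep-legacy, which has AntiVirus disabled, even though ep-profile1 also lists that group; reordering the profiles or tightening ep-legacy closes the gap.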
Enforcing FortiClient registration
When you enable FortiHeartBeat on an interface, the option to enforce FortiClient registration becomes available. Devices connecting to that interface are forced to register to the FortiGate and install FortiClient before gaining access to network services.
The following example includes editing the default FortiClient Profile to enforce realtime antivirus protection and malicious website blocking.
To enforce FortiClient registration on the internal interface - web-based manager:
1. On the FortiGate, go to System > Feature Select and make sure that Endpoint Control is enabled.
2. Go to Network > Interfaces and edit the internal interface.
3. Under Restrict Access, enable FortiHeartBeat.
4. Under Admission Control, enable Enforce FortiHeartBeat for all FortiClients.
5. Go to Security Profiles > FortiClient Profiles.
6. Under the Security tab, enable Realtime Protection, Scan File Downloads, Block malicious websites, and Block attack channels.