FortiClient and Firewall Policy Lockdown
Description
This article explains how to lockdown firewall policies so that users cannot disable or change them.
Scope
All FortiClient users.
Solution
The centralized lockdown feature has been available since the release of version 3.0 of FortiClient, the manual lockdown feature has been available since version 3.0 MR5.
An administrator can configure Manual Lockdown on the GUI. From the FortiClient Console select "Lock Settings", the following password prompt will appear:
If Remote Management has been enabled, it can be lockdowned by FortiClient's user interface via FortiManager. The FortiManager guide provides instructions on how to do this.
Alternatively you can force locking down for all users, including administrators, by creating a property in the MSI's property table.
- Create a new, or edit an existing, MSI transform file.
- Open the Property table and create a property called ADMINPWD. Set its value to the MD5 of a pass phrase of your choice.