Question
Is FCT-Access on the WAN interface safe?
Is it safe to enable FCT-Access (FortiHeartBeat in FortiOS 5.4) on the WAN interface?
I would like my FortiClient's to be able to receive configuration updates when they are off-net. By default they register to the IP of an internal interface which is only accessible when on-net or using VPN (not all of the FortiClient's have VPN access).
I have not found any information suggesting that enabling FCT-Access is safe or unsafe. I am wondering if there is any source of information to guide me. I would hate to be opening myself up to a vulnerability if this is considered bad or if there is a hardening procedure I do not know about.